| Message | Id | Version | Qualifiers | Level | Task | Opcode | Keywords | RecordId | ProviderName | ProviderId | LogName | ProcessId | ThreadId | MachineName | UserId | TimeCreated | ActivityId | RelatedActivityId | ContainerLog | MatchedQueryIds | Bookmark | LevelDisplayName | OpcodeDisplayName | TaskDisplayName | KeywordsDisplayNames | Properties |
|---|
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=5.1.14393.1944
RunspaceId=d834fee7-a775-4ec0-8cfc-4013b3ee0e99
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3486 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3485 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3484 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3483 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3482 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3481 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=82e5391e-0527-46a9-9315-a9bc2ba25dd9
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABDADoAXABjAG8AbABsAGUAYwB0AC0AZQB2AGUAbgB0AC0AbABvAGcALgBwAHMAMQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3480 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2333295-f3ee-43d3-9626-d86141b8032b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3479 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d2333295-f3ee-43d3-9626-d86141b8032b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3478 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3477 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3476 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3475 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3474 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3473 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3472 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3471 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e4e9648b-88cc-4d17-952e-d1729c8b982b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3470 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e26abd6a-b16e-4c92-84b1-23992987c004
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3469 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3468 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3467 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3466 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3465 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3464 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40f94eec-9c07-400c-8cd1-908f4b450082
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3463 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=61939ca2-81bd-47df-b852-2487920c3817
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3462 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7be66931-5866-4242-af49-6fdee1343bb2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3461 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7be66931-5866-4242-af49-6fdee1343bb2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3460 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3459 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3458 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3457 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3456 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3455 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dc5e3f4a-c392-4245-8399-7053966d2009
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3454 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=61939ca2-81bd-47df-b852-2487920c3817
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3453 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3452 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3451 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3450 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3449 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3448 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b4df29ee-312a-45b3-bccb-74ca68380c1f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATwBRAEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAE0AQQBNAGcAQQB3AEEARABrAEEATQB3AEEANABBAEQARQBBAE4AUQBBADUAQQBEAGsAQQBPAEEAQQAyAEEARABJAEEATwBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3447 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c202e8f1-7279-48a6-991d-c124163a3b7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3446 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=462c5b11-0263-4098-b038-2235c44395ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3445 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3444 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3443 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3442 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3441 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3440 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3439 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3438 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a418ed2a-b4b7-4dcb-aa55-3bf53ffcf377
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3437 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c202e8f1-7279-48a6-991d-c124163a3b7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3436 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3435 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3434 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3433 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3432 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3431 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac275848-cdd8-4d2d-87a1-9f44b9f68085
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3430 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1b5b813f-ac52-4dcc-8899-132780d80843
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3429 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1b5b813f-ac52-4dcc-8899-132780d80843
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3428 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3427 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3426 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3425 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3424 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3423 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=87640ef8-75e6-4bee-bf2e-d5f791b620d0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAOQAuADUAMgAtADMAMgAwADkAMwA4ADEANQA5ADkAOAA2ADIAOQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3422 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457759d6-b551-4f50-852c-4a192605ad78
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3421 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87d796a8-6c12-48b8-b7a8-a9a551094630
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3420 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3419 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3418 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3417 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3416 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3415 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3414 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3413 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e538d1de-5442-468c-8f30-f4d909aea30a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3412 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=457759d6-b551-4f50-852c-4a192605ad78
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3411 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3410 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3409 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3408 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3407 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3406 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b9ae1da9-d1e6-44df-8787-3fd3ed780f6c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3405 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=b1ea0ea4-7dfa-44da-9d09-91bac2339cae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3404 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7f59771e-6084-44ba-b240-e3b0204b659f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3403 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7f59771e-6084-44ba-b240-e3b0204b659f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3402 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3401 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3400 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3399 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3398 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3397 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5b187929-b145-45e8-8f93-1de51d847529
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA5AC4ANQAyAC0AMwAyADAAOQAzADgAMQA1ADkAOQA4ADYAMgA5ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3396 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=b1ea0ea4-7dfa-44da-9d09-91bac2339cae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3395 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3394 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3393 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3392 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3391 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3390 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f39c1d3d-e31e-4e1d-b19a-c9fd1ffe70a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQA1AEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AdwBBAHkAQQBEAEEAQQBPAFEAQQB6AEEARABnAEEATQBRAEEAMQBBAEQAawBBAE8AUQBBADQAQQBEAFkAQQBNAGcAQQA1AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3389 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=5f80120e-39d9-4bff-837a-24c76b91816c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3388 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c896a78e-9be4-4e5e-8ced-e7614774a76b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3387 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c896a78e-9be4-4e5e-8ced-e7614774a76b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3386 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3385 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3384 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3383 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3382 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3381 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bb7ab631-61b7-43f1-a048-e1061b3059af
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3380 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=5f80120e-39d9-4bff-837a-24c76b91816c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3379 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3378 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3377 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3376 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3375 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3374 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d2b12878-9bc7-4021-8f87-230c679dfe5d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATgBRAEEAdQBBAEQASQBBAE4AZwBBAHQAQQBEAEUAQQBNAHcAQQAxAEEARABVAEEATQBRAEEAeABBAEQATQBBAE8AUQBBADAAQQBEAEkAQQBOAHcAQQAxAEEARABRAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3373 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4bbaa9b7-92c8-4f80-bac0-eccd6d77d42a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3372 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5482f888-d409-4d15-b671-6753840e8253
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3371 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3370 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3369 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3368 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3367 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3366 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3365 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3364 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e083a8e1-1cee-4e28-8f02-d73b8de495b0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3363 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4bbaa9b7-92c8-4f80-bac0-eccd6d77d42a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3362 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3361 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3360 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3359 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3358 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3357 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=73dfc0c2-ff27-497a-8a50-91dd3fa3ed81
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3356 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d4e47119-0862-4185-a60e-87957f3fd35a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3355 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=d4e47119-0862-4185-a60e-87957f3fd35a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3354 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3353 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3352 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3351 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3350 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3349 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=96f9daca-c628-4da0-8615-88dd8c1dd576
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYANQAuADIANgAtADEAMwA1ADUAMQAxADMAOQA0ADIANwA1ADQAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3348 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=01e823dc-e4d5-43a5-9e55-b92070b303ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3347 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=26be5a00-bd8e-4224-a5f8-adb4ead5437f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3346 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3345 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3344 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3343 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3342 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3341 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3340 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3339 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b0d3e9be-5adf-4ae6-96c7-a609b568239e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3338 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=01e823dc-e4d5-43a5-9e55-b92070b303ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3337 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3336 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3335 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3334 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3333 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3332 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=137aadc7-0903-487b-af6f-95da933f030c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3331 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=bba2bb99-e796-43b7-a697-054ce4b49f3a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3330 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=816d8a82-6e73-4bbb-9863-de012c54ab02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3329 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=816d8a82-6e73-4bbb-9863-de012c54ab02
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3328 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3327 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3326 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3325 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3324 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3323 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=90a7d1c7-3629-49f8-ab84-edaeffba1381
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgA1AC4AMgA2AC0AMQAzADUANQAxADEAMwA5ADQAMgA3ADUANAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3322 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=bba2bb99-e796-43b7-a697-054ce4b49f3a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3321 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3320 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3319 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3318 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3317 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3316 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=de78b6b9-1c1e-42e8-8e33-b0726ed2e4a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQAxAEEAQwA0AEEATQBnAEEAMgBBAEMAMABBAE0AUQBBAHoAQQBEAFUAQQBOAFEAQQB4AEEARABFAEEATQB3AEEANQBBAEQAUQBBAE0AZwBBADMAQQBEAFUAQQBOAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3315 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3df109b0-30cb-4bff-a904-d5478efa1577
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3314 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d4dd5642-7825-4894-aeb4-0f809a8092b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3313 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d4dd5642-7825-4894-aeb4-0f809a8092b9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3312 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3311 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3310 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3309 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3308 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3307 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a09e4819-4590-4ccd-8c91-938467c780e5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3306 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=3df109b0-30cb-4bff-a904-d5478efa1577
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3305 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3304 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3303 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3302 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3301 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3300 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ef048d2e-4116-403f-8710-71abcb57a56a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFkAQQBOAGcAQQAyAEEARABZAEEATQBBAEEAdQBBAEQATQBBAE8AUQBBAHQAQQBEAFkAQQBOAHcAQQAxAEEARABRAEEATQBRAEEANQBBAEQASQBBAE8AQQBBADUAQQBEAGMAQQBOAHcAQQAzAEEARABJAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3299 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ddd8a877-a8ea-4703-bed0-3fb902f20582
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3298 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e400ddc6-821c-4edb-af48-39de2a3db169
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3297 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3296 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3295 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3294 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3293 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3292 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3291 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3290 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=80526b2c-cede-4775-9e8e-c051bbf9b1da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3289 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ddd8a877-a8ea-4703-bed0-3fb902f20582
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3288 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3287 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3286 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3285 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3284 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3283 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=669d337d-14c8-4bcf-b68c-39f35e4de475
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3282 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=76ae786a-e98e-4178-b91b-6d94553c6c21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3281 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=76ae786a-e98e-4178-b91b-6d94553c6c21
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3280 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3279 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3278 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3277 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3276 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3275 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e841863d-10f1-4594-b467-74b7f6f18ca1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADYANgA2ADYAMAAuADMAOQAtADYANwA1ADQAMQA5ADIAOAA5ADcANwA3ADIANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3274 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=265228ea-dd1c-44e2-a55c-0961560dc6a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3273 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=52d69ab5-d0dc-42e4-a676-9b598b5a6342
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3272 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3271 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3270 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3269 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3268 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3267 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3266 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3265 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f846104-5762-4053-83bb-2c403803a537
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3264 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=265228ea-dd1c-44e2-a55c-0961560dc6a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3263 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3262 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3261 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3260 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3259 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3258 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=93f8ca81-d030-4601-8314-a383c523a8cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3257 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=df07d2a5-68dd-489f-b23d-ed7ed2c58726
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3256 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b460d32c-891c-4be6-bbfd-1acf2cbe6db5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3255 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=b460d32c-891c-4be6-bbfd-1acf2cbe6db5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3254 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3253 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3252 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3251 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3250 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3249 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4752eccc-89da-400d-b11b-fae53237ff84
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANgA2ADYANgAwAC4AMwA5AC0ANgA3ADUANAAxADkAMgA4ADkANwA3ADcAMgA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3248 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=df07d2a5-68dd-489f-b23d-ed7ed2c58726
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3247 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3246 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3245 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3244 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3243 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3242 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4785531-c1a4-4c87-9955-f2e16a86837c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AZwBBADIAQQBEAFkAQQBOAGcAQQB3AEEAQwA0AEEATQB3AEEANQBBAEMAMABBAE4AZwBBADMAQQBEAFUAQQBOAEEAQQB4AEEARABrAEEATQBnAEEANABBAEQAawBBAE4AdwBBADMAQQBEAGMAQQBNAGcAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3241 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=265713e4-14c9-43f7-9e7e-646c95e8b578
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3240 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=009d93c0-3faf-4bc1-aaf2-9981fb057851
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3239 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=009d93c0-3faf-4bc1-aaf2-9981fb057851
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3238 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3237 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3236 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3235 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3234 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3233 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3232 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3231 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=74449559-4710-4c03-91fe-e784df899926
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3230 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=265713e4-14c9-43f7-9e7e-646c95e8b578
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3229 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3228 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3227 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3226 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3225 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3224 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1c42edec-9885-46de-b9bc-2a2e6b8ebd9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3223 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 8:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=46e81ed1-6ad8-4fde-992b-65a76b831fd7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3222 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=3573dc43-bdc0-4c33-b1e0-48275531f65b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3221 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=3573dc43-bdc0-4c33-b1e0-48275531f65b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3220 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3219 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3218 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3217 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3216 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3215 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a16463b-dbb8-4ae9-a80b-48723bcc22c0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3214 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ccf2a31-2257-4654-b661-a34613a3b5a2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3213 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ccf2a31-2257-4654-b661-a34613a3b5a2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3212 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3211 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3210 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3209 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3208 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3207 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3206 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3205 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7fdceba3-f976-4793-92b5-53306ab8baf6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3204 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=46e81ed1-6ad8-4fde-992b-65a76b831fd7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3203 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3202 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3201 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3200 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3199 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3198 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=42f94e39-cd7b-4b22-82d6-a62dd1615436
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3197 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25781373-79ce-47c2-9f4b-5d2c4cdd42ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3196 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=66d9da19-696c-489b-9bcb-6116514240a1
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3195 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=66d9da19-696c-489b-9bcb-6116514240a1
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3194 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=66d9da19-696c-489b-9bcb-6116514240a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3193 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3192 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3191 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3190 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3189 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3188 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3187 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3186 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c384aad4-f8fd-4d19-8a5d-65476df3f9cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3185 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25781373-79ce-47c2-9f4b-5d2c4cdd42ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3184 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3183 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3182 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3181 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3180 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3179 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bf955198-c5db-4093-8eb3-171b325f15d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3178 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b82a2e16-bb01-42ae-b97d-106fe10bb423
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3177 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1108ffb1-0137-4749-8400-0b06e07f77c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3176 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=5.1.14393.1944
RunspaceId=1108ffb1-0137-4749-8400-0b06e07f77c9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3175 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3174 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3173 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3172 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3171 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3170 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6ada1b9-a44a-442f-a321-5e42e5414ad3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAGUAdQB0AHIAbwBuAC0AbwB2AHMALQBhAGcAZQBuAHQAIAB8ACAAJQB7ACQAXwAuAFMAdABhAHQAdQBzAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3169 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b40e2d45-2fb5-43bd-981b-3775415bd970
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3168 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b40e2d45-2fb5-43bd-981b-3775415bd970
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3167 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3166 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3165 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3164 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3163 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3162 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3161 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3160 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=75d4d29f-ccfe-43b4-908b-24a5435ea035
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3159 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b82a2e16-bb01-42ae-b97d-106fe10bb423
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3158 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3157 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3156 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3155 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3154 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3153 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=797b1dc9-0314-4788-9bb1-096c8666743b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3152 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db644185-94a8-41f4-925e-7dcd6c29485a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3151 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d8000af-2e52-4e61-9f28-06b67f35f7f4
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3150 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d8000af-2e52-4e61-9f28-06b67f35f7f4
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3149 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d8000af-2e52-4e61-9f28-06b67f35f7f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3148 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:21:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3147 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3146 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3145 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3144 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3143 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3142 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3141 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc1346d2-d667-42ec-b944-a9a3f37598e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3140 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=db644185-94a8-41f4-925e-7dcd6c29485a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3139 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3138 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3137 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3136 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3135 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3134 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4417f264-6cfc-4bf7-b0f3-82323abf14be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3133 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=38a18498-ad42-4aa2-8818-340ae11a4be2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3132 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7a184de7-cf50-4a3e-bfdb-221f5fa4fa5c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3131 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=7a184de7-cf50-4a3e-bfdb-221f5fa4fa5c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3130 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3129 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3128 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3127 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3126 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3125 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=22f160f7-02ce-4e0b-86c6-a16e0bb89e8d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFMAZQByAHYAaQBjAGUAIABuAG8AdgBhAC0AYwBvAG0AcAB1AHQAZQAgAHwAIAAlAHsAJABfAC4AUwB0AGEAdAB1AHMAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3124 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3aa0cc70-9382-4252-ba38-fc67b23f47cf
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3123 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3aa0cc70-9382-4252-ba38-fc67b23f47cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3122 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3121 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3120 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3119 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3118 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3117 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3116 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3115 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=68fb0bb3-667a-4130-8d9b-3b0036b9a7f9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3114 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=38a18498-ad42-4aa2-8818-340ae11a4be2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3113 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3112 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3111 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3110 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3109 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3108 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=306e0d33-6048-4308-8e5f-9a308ee38566
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3107 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=372c309b-1784-43e5-8a18-e570e37ca201
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3106 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $platform_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c2e1b12a-dfd2-4a15-99fd-26438841fa9d
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $platform_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;
namespace Ansible.PrivilegeUtil
{
[Flags]
public enum PrivilegeAttributes : uint
{
Disabled = 0x00000000,
EnabledByDefault = 0x00000001,
Enabled = 0x00000002,
Removed = 0x00000004,
UsedForAccess = 0x80000000,
}
internal class NativeHelpers
{
[StructLayout(LayoutKind.Sequential)]
internal struct LUID
{
public UInt32 LowPart;
public Int32 HighPart;
}
[StructLayout(LayoutKind.Sequential)]
internal struct LUID_AND_ATTRIBUTES
{
public LUID Luid;
public PrivilegeAttributes Attributes;
}
[StructLayout(LayoutKind.Sequential)]
internal struct TOKEN_PRIVILEGES
{
public UInt32 PrivilegeCount;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)]
public LUID_AND_ATTRIBUTES[] Privileges;
}
}
internal class NativeMethods
{
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool AdjustTokenPrivileges(
IntPtr TokenHandle,
[MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges,
IntPtr NewState,
UInt32 BufferLength,
IntPtr PreviousState,
out UInt32 ReturnLength);
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(
IntPtr hObject);
[DllImport("kernel32")]
internal static extern SafeWaitHandle GetCurrentProcess();
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool GetTokenInformation(
IntPtr TokenHandle,
UInt32 TokenInformationClass,
IntPtr TokenInformation,
UInt32 TokenInformationLength,
out UInt32 ReturnLength);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeName(
string lpSystemName,
ref NativeHelpers.LUID lpLuid,
StringBuilder lpName,
ref UInt32 cchName);
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
internal static extern bool LookupPrivilegeValue(
string lpSystemName,
string lpName,
out NativeHelpers.LUID lpLuid);
[DllImport("advapi32.dll", SetLastError = true)]
internal static extern bool OpenProcessToken(
SafeHandle ProcessHandle,
TokenAccessLevels DesiredAccess,
out IntPtr TokenHandle);
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class Privileges
{
private static readonly UInt32 TOKEN_PRIVILEGES = 3;
public static bool CheckPrivilegeName(string name)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, name, out luid))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE
throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name));
return false;
}
else
{
return true;
}
}
public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } });
}
public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token)
{
return AdjustTokenPrivileges(token, null);
}
public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege)
{
return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } });
}
public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token)
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken))
throw new Win32Exception("OpenProcessToken() failed");
Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>();
try
{
UInt32 tokenLength = 0;
NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength);
NativeHelpers.LUID_AND_ATTRIBUTES[] privileges;
IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength);
try
{
if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength))
throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed");
NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount];
PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(privilegesPtr);
}
info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes);
}
finally
{
NativeMethods.CloseHandle(hToken);
}
return info;
}
public static SafeWaitHandle GetCurrentProcess()
{
return NativeMethods.GetCurrentProcess();
}
public static void RemovePrivilege(SafeHandle token, string privilege)
{
SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } });
}
public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state)
{
NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count];
int i = 0;
foreach (KeyValuePair<string, bool?> entry in state)
{
NativeHelpers.LUID luid;
if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid))
throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key));
PrivilegeAttributes attributes;
switch (entry.Value)
{
case true:
attributes = PrivilegeAttributes.Enabled;
break;
case false:
attributes = PrivilegeAttributes.Disabled;
break;
default:
attributes = PrivilegeAttributes.Removed;
break;
}
privilegeAttr[i].Luid = luid;
privilegeAttr[i].Attributes = attributes;
i++;
}
return AdjustTokenPrivileges(token, privilegeAttr);
}
private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState)
{
bool disableAllPrivileges;
IntPtr newStatePtr;
NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges;
UInt32 returnLength;
if (newState == null)
{
disableAllPrivileges = true;
newStatePtr = IntPtr.Zero;
}
else
{
disableAllPrivileges = false;
// Need to manually marshal the bytes requires for newState as the constant size
// of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES
// always contains at least 1 entry so we need to calculate the extra size if there are
// nore than 1 LUID_AND_ATTRIBUTES entry
int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES));
int luidAttrSize = 0;
if (newState.Length > 1)
luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1);
int totalSize = tokenPrivilegesSize + luidAttrSize;
byte[] newStateBytes = new byte[totalSize];
// get the first entry that includes the struct details
NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES()
{
PrivilegeCount = (UInt32)newState.Length,
Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1],
};
if (newState.Length > 0)
tokenPrivileges.Privileges[0] = newState[0];
int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0);
// copy the remaining LUID_AND_ATTRIBUTES (if any)
for (int i = 1; i < newState.Length; i++)
offset += StructureToBytes(newState[i], newStateBytes, offset);
// finally create the pointer to the byte array we just created
newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length);
Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length);
}
try
{
IntPtr hToken = IntPtr.Zero;
if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken))
throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges");
try
{
IntPtr oldStatePtr = Marshal.AllocHGlobal(0);
if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength))
{
int errCode = Marshal.GetLastWin32Error();
if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size");
}
// resize the oldStatePtr based on the length returned from Windows
Marshal.FreeHGlobal(oldStatePtr);
oldStatePtr = Marshal.AllocHGlobal((int)returnLength);
try
{
bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength);
int errCode = Marshal.GetLastWin32Error();
// even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code
if (!res || errCode != 0)
throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed");
// Marshal the oldStatePtr to the struct
NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES));
oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount];
PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount)));
}
finally
{
Marshal.FreeHGlobal(oldStatePtr);
}
}
finally
{
NativeMethods.CloseHandle(hToken);
}
}
finally
{
if (newStatePtr != IntPtr.Zero)
Marshal.FreeHGlobal(newStatePtr);
}
return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled));
}
private static string GetPrivilegeName(NativeHelpers.LUID luid)
{
UInt32 nameLen = 0;
NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen);
StringBuilder name = new StringBuilder((int)(nameLen + 1));
if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen))
throw new Win32Exception("LookupPrivilegeName() failed");
return name.ToString();
}
private static void PtrToStructureArray<T>(T[] array, IntPtr ptr)
{
IntPtr ptrOffset = ptr;
for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
}
private static int StructureToBytes<T>(T structure, byte[] array, int offset)
{
int size = Marshal.SizeOf(structure);
IntPtr structPtr = Marshal.AllocHGlobal(size);
try
{
Marshal.StructureToPtr(structure, structPtr, false);
Marshal.Copy(structPtr, array, offset, size);
}
finally
{
Marshal.FreeHGlobal(structPtr);
}
return size;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3105 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $link_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c2e1b12a-dfd2-4a15-99fd-26438841fa9d
PipelineId=8
ScriptName=
CommandLine= Add-Type -TypeDefinition $link_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Text;
namespace Ansible
{
public enum LinkType
{
SymbolicLink,
JunctionPoint,
HardLink
}
public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); }
}
public class LinkInfo
{
public LinkType Type { get; internal set; }
public string PrintName { get; internal set; }
public string SubstituteName { get; internal set; }
public string AbsolutePath { get; internal set; }
public string TargetPath { get; internal set; }
public string[] HardTargets { get; internal set; }
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct REPARSE_DATA_BUFFER
{
public UInt32 ReparseTag;
public UInt16 ReparseDataLength;
public UInt16 Reserved;
public UInt16 SubstituteNameOffset;
public UInt16 SubstituteNameLength;
public UInt16 PrintNameOffset;
public UInt16 PrintNameLength;
[MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)]
public char[] PathBuffer;
}
public class LinkUtil
{
public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16;
private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000;
private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000;
private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8;
private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4;
private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000;
private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003;
private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C;
private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001;
private const Int64 INVALID_HANDLE_VALUE = -1;
private const UInt32 SIZE_OF_WCHAR = 2;
private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000;
private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001;
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern SafeFileHandle CreateFile(
string lpFileName,
[MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess,
[MarshalAs(UnmanagedType.U4)] FileShare dwShareMode,
IntPtr lpSecurityAttributes,
[MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition,
UInt32 dwFlagsAndAttributes,
IntPtr hTemplateFile);
// Used by GetReparsePointInfo()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
IntPtr lpInBuffer,
UInt32 nInBufferSize,
out REPARSE_DATA_BUFFER lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
// Used by CreateJunctionPoint()
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeviceIoControl(
SafeFileHandle hDevice,
UInt32 dwIoControlCode,
REPARSE_DATA_BUFFER lpInBuffer,
UInt32 nInBufferSize,
IntPtr lpOutBuffer,
UInt32 nOutBufferSize,
out UInt32 lpBytesReturned,
IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool GetVolumePathName(
string lpszFileName,
StringBuilder lpszVolumePathName,
ref UInt32 cchBufferLength);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern IntPtr FindFirstFileNameW(
string lpFileName,
UInt32 dwFlags,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool FindNextFileNameW(
IntPtr hFindStream,
ref UInt32 StringLength,
StringBuilder LinkName);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool FindClose(
IntPtr hFindFile);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool RemoveDirectory(
string lpPathName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool DeleteFile(
string lpFileName);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateSymbolicLink(
string lpSymlinkFileName,
string lpTargetFileName,
UInt32 dwFlags);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
private static extern bool CreateHardLink(
string lpFileName,
string lpExistingFileName,
IntPtr lpSecurityAttributes);
public static LinkInfo GetLinkInfo(string linkPath)
{
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.ReparsePoint))
return GetReparsePointInfo(linkPath);
if (!attr.HasFlag(FileAttributes.Directory))
return GetHardLinkInfo(linkPath);
return null;
}
public static void DeleteLink(string linkPath)
{
bool success;
FileAttributes attr = File.GetAttributes(linkPath);
if (attr.HasFlag(FileAttributes.Directory))
{
success = RemoveDirectory(linkPath);
}
else
{
success = DeleteFile(linkPath);
}
if (!success)
throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath));
}
public static void CreateLink(string linkPath, String linkTarget, LinkType linkType)
{
switch (linkType)
{
case LinkType.SymbolicLink:
UInt32 linkFlags;
FileAttributes attr = File.GetAttributes(linkTarget);
if (attr.HasFlag(FileAttributes.Directory))
linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY;
else
linkFlags = SYMBOLIC_LINK_FLAG_FILE;
if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags))
throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags));
break;
case LinkType.JunctionPoint:
CreateJunctionPoint(linkPath, linkTarget);
break;
case LinkType.HardLink:
if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget));
break;
}
}
private static LinkInfo GetHardLinkInfo(string linkPath)
{
UInt32 maxPath = 260;
List<string> result = new List<string>();
StringBuilder sb = new StringBuilder((int)maxPath);
UInt32 stringLength = maxPath;
if (!GetVolumePathName(linkPath, sb, ref stringLength))
throw new LinkUtilWin32Exception("GetVolumePathName() failed");
string volume = sb.ToString();
stringLength = maxPath;
IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb);
if (findHandle.ToInt64() != INVALID_HANDLE_VALUE)
{
try
{
do
{
string hardLinkPath = sb.ToString();
if (hardLinkPath.StartsWith("\\"))
hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1);
result.Add(Path.Combine(volume, hardLinkPath));
stringLength = maxPath;
} while (FindNextFileNameW(findHandle, ref stringLength, sb));
}
finally
{
FindClose(findHandle);
}
}
if (result.Count > 1)
return new LinkInfo
{
Type = LinkType.HardLink,
HardTargets = result.ToArray()
};
return null;
}
private static LinkInfo GetReparsePointInfo(string linkPath)
{
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Read,
FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
UInt32 bytesReturned;
try
{
if (!DeviceIoControl(
fileHandle,
FSCTL_GET_REPARSE_POINT,
IntPtr.Zero,
0,
out buffer,
MAXIMUM_REPARSE_DATA_BUFFER_SIZE,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath));
}
finally
{
fileHandle.Dispose();
}
bool isRelative = false;
int pathOffset = 0;
LinkType linkType;
if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]);
if (bufferFlags == SYMLINK_FLAG_RELATIVE)
isRelative = true;
pathOffset = 2;
linkType = LinkType.SymbolicLink;
}
else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
linkType = LinkType.JunctionPoint;
}
else
{
string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString());
throw new Exception(errorMessage);
}
string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR));
string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR));
// TODO: should we check for \?\UNC\server for convert it to the NT style \\server path
// Remove the leading Windows object directory \?\ from the path if present
string targetPath = substituteName;
if (targetPath.StartsWith("\\??\\"))
targetPath = targetPath.Substring(4, targetPath.Length - 4);
string absolutePath = targetPath;
if (isRelative)
absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath));
return new LinkInfo
{
Type = linkType,
PrintName = printName,
SubstituteName = substituteName,
AbsolutePath = absolutePath,
TargetPath = targetPath
};
}
private static void CreateJunctionPoint(string linkPath, string linkTarget)
{
// We need to create the link as a dir beforehand
Directory.CreateDirectory(linkPath);
SafeFileHandle fileHandle = CreateFile(
linkPath,
FileAccess.Write,
FileShare.Read | FileShare.Write | FileShare.None,
IntPtr.Zero,
FileMode.Open,
FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT,
IntPtr.Zero);
if (fileHandle.IsInvalid)
throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath));
try
{
string substituteName = "\\??\\" + Path.GetFullPath(linkTarget);
string printName = linkTarget;
REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER();
buffer.SubstituteNameOffset = 0;
buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR);
buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2);
buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR);
buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12);
buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName);
char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes);
Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length);
UInt32 bytesReturned;
if (!DeviceIoControl(
fileHandle,
FSCTL_SET_REPARSE_POINT,
buffer,
(UInt32)(buffer.ReparseDataLength + 8),
IntPtr.Zero, 0,
out bytesReturned,
IntPtr.Zero))
throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget));
}
finally
{
fileHandle.Dispose();
}
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3104 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c2e1b12a-dfd2-4a15-99fd-26438841fa9d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3103 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3102 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3101 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3100 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3099 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3098 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3097 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3096 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c136080-3f89-4b10-b2d4-d2dabe308cc7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3095 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=372c309b-1784-43e5-8a18-e570e37ca201
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3094 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3093 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3092 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3091 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3090 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3089 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=877c5530-d958-496a-871c-84ca74e9cd95
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3088 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0d0b9274-d6e4-4e76-98b6-db3a0bc473d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3087 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ea709268-8306-408b-a5fb-0f381f75f901
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3086 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ea709268-8306-408b-a5fb-0f381f75f901
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3085 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3084 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3083 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3082 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3081 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3080 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3079 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3078 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=47ae6949-2822-486d-a30a-54373af04681
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3077 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0d0b9274-d6e4-4e76-98b6-db3a0bc473d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3076 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3075 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3074 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3073 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3072 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3071 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=11d81367-7261-431e-81d6-32de628554a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3070 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:20:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=34
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ecc0fb92-34be-42cb-966d-82efe7f184d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3069 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=94d82ef1-d359-4f1e-99ce-27431388fca5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3068 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3067 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3066 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3065 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3064 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3063 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3062 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3061 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e76ba1b4-ae81-41ab-a3c7-c13778249639
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3060 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ecc0fb92-34be-42cb-966d-82efe7f184d8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3059 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3058 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3057 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3056 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3055 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3054 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=752cfda5-a4d8-414b-8a17-11a10980628e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3053 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=34
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4dfee142-609a-49dc-8736-d37e968f29d0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3052 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=06017772-8736-4f7a-a16f-3d4751dba0ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3051 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3050 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3049 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3048 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3047 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3046 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3045 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3044 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd857751-68d0-4c0f-80ab-befe79e581e6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3043 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4dfee142-609a-49dc-8736-d37e968f29d0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3042 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3041 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3040 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3039 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3038 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3037 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8555c18c-93b5-486b-85dc-b0686ca9aba1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3036 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f68cdf9c-aa46-48ee-a41b-7f3e32f219e3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3035 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=5.1.14393.1944
RunspaceId=797b9c58-9369-4fda-96c3-6e3314700a82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3034 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=5.1.14393.1944
RunspaceId=797b9c58-9369-4fda-96c3-6e3314700a82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3033 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3032 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3031 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3030 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3029 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3028 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e232c1d-1829-4bf1-983c-b8114d569a9b
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQBWAGkAcgB0AHUAYQBsAE0AYQBjAGgAaQBuAGUATQBpAGcAcgBhAHQAaQBvAG4AQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFQAeQBwAGUAIABLAGUAcgBiAGUAcgBvAHMAIAAtAHAAYQBzAHMAdABoAHIAdQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAcwBpAGwAZQBuAHQAbAB5AGMAbwBuAHQAaQBuAHUAZQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3027 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68bb83b1-d9b3-4b60-b764-c520165ab6d2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3026 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68bb83b1-d9b3-4b60-b764-c520165ab6d2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3025 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3024 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3023 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3022 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3021 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3020 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3019 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3018 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=38d0de59-5635-4c16-8642-9a21774e5d74
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3017 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f68cdf9c-aa46-48ee-a41b-7f3e32f219e3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3016 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3015 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3014 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3013 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3012 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3011 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8349959c-4394-4d3f-afbf-26ab4e8d0cfb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3010 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89b0db71-67fb-4761-a490-9fdb50e4ef81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3009 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=5.1.14393.1944
RunspaceId=a0e811b5-43cc-43f7-ae96-a84c5b87870b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 3008 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=5.1.14393.1944
RunspaceId=a0e811b5-43cc-43f7-ae96-a84c5b87870b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 3007 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3006 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3005 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3004 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3003 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3002 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7794033b-33fb-4c27-a596-0204fcd40194
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAdAAtAFYATQBIAG8AcwB0ACAALQB1AHMAZQBhAG4AeQBuAGUAdAB3AG8AcgBrAGYAbwByAG0AaQBnAHIAYQB0AGkAbwBuACAAJAB0AHIAdQBlACAALQBwAGEAcwBzAHQAaAByAHUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAHMAaQBsAGUAbgB0AGwAeQBjAG8AbgB0AGkAbgB1AGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3001 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0c79e9a-cbaa-47c5-9066-0b71424267ad
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 3000 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0c79e9a-cbaa-47c5-9066-0b71424267ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2999 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2998 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2997 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2996 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2995 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2994 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2993 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2992 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=880137fa-5fb5-471c-8a91-e98102478617
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2991 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89b0db71-67fb-4761-a490-9fdb50e4ef81
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2990 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2989 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2988 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2987 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2986 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2985 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=57e74943-1d2d-4fb8-993b-ae9b50dd0c63
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2984 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ad9e9ec-736d-4972-97f3-6833bdb9c435
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2983 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=5.1.14393.1944
RunspaceId=78f7aa15-c2b1-4f91-bd5e-bb3d8035ffba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2982 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=5.1.14393.1944
RunspaceId=78f7aa15-c2b1-4f91-bd5e-bb3d8035ffba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2981 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2980 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2979 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2978 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2977 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2976 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea08ef34-9952-4daa-9ca2-0d758048fdb2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBNAGkAZwByAGEAdABpAG8AbgAgAC0AcABhAHMAcwB0AGgAcgB1ACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABzAGkAbABlAG4AdABsAHkAYwBvAG4AdABpAG4AdQBlAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2975 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2e3c7ca2-4f31-4692-94ce-b94e8691981b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2974 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2e3c7ca2-4f31-4692-94ce-b94e8691981b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2973 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2972 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2971 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2970 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2969 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2968 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2967 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2966 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b85bc0e7-4080-4e01-938e-33588c979bc4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2965 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5ad9e9ec-736d-4972-97f3-6833bdb9c435
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2964 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2963 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2962 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2961 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2960 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2959 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2fc3063-5b34-4439-ac33-892d66b6b5c2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2958 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=54181939-bea0-40fa-b985-19101a5a6014
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2957 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=ec9b55d6-3f39-462a-9caa-429930b153ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2956 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=ec9b55d6-3f39-462a-9caa-429930b153ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2955 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2954 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2953 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2952 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2951 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2950 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1a203565-ae07-4298-8365-8e8825945f6d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAaQBuAFwAUwBlAHQAVQBzAGUAcgBBAGMAYwBvAHUAbgB0AFIAaQBnAGgAdABzAC4AZQB4AGUAIAAtAGcAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByAEAAYwBiAGMAaQAtADcAMAA1ADYANQA4AC0AMQA2AC4AbABvAGMAYQBsACAALQB2ACAAUwBlAFMAZQByAHYAaQBjAGUATABvAGcAbwBuAFIAaQBnAGgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2949 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9ce8434-5a84-400a-bd07-e1c40a5b3342
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2948 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:19:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f9ce8434-5a84-400a-bd07-e1c40a5b3342
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2947 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2946 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2945 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2944 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2943 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2942 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2941 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2940 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1a368ac8-7a08-4e90-8ad5-456f9052b649
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2939 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=54181939-bea0-40fa-b985-19101a5a6014
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2938 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2937 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2936 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2935 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2934 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2933 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5056affa-cb43-4383-9069-a92694352a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2932 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=5.1.14393.1944
RunspaceId=e3026cf4-ccf9-45ad-a5da-466f049b5456
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2931 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=5.1.14393.1944
RunspaceId=e3026cf4-ccf9-45ad-a5da-466f049b5456
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2930 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2929 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2928 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2927 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2926 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2925 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=03e29d06-def3-4983-b109-59f01d03ff52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand dwBoAG8AYQBtAGkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2924 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=373368e0-7150-4a77-b9cb-9b5088e18511
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2923 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=373368e0-7150-4a77-b9cb-9b5088e18511
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2922 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2921 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2920 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2919 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2918 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2917 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54eceedb-0341-4e7f-83cf-eceac460a460
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2916 | PowerShell | | Windows PowerShell | | | n-h1-705658-16.cbci-705658-16.local | | 1/28/2021 6:18:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=08c78783-fdf2-4642-b4fc-8e01f039462f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2915 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=08c78783-fdf2-4642-b4fc-8e01f039462f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2914 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2913 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2912 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2911 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2910 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2909 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a7192b3f-1229-446d-a233-6e6065f0eaa3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2908 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=c112bcf3-b05f-420b-a2fd-6c9e286f9d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2907 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=c112bcf3-b05f-420b-a2fd-6c9e286f9d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2906 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2905 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2904 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2903 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2902 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2901 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bed56979-c759-4610-b037-a36b1f0298c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2900 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=bb822e43-a608-4a18-9450-781e9d02d1e0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2899 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=bb822e43-a608-4a18-9450-781e9d02d1e0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2898 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2897 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2896 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2895 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2894 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2893 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=24f2f198-37aa-4824-b56c-afddb9e95a98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand cwBoAHUAdABkAG8AdwBuACAALwByACAALwB0ACAAMgAgAC8AYwAgACIAUgBlAGIAbwBvAHQAIABpAG4AaQB0AGkAYQB0AGUAZAAgAGIAeQAgAEEAbgBzAGkAYgBsAGUAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2892 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=09ac52c8-ff76-47b2-86d7-e93e5fa3dc48
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2891 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=5.1.14393.1944
RunspaceId=09ac52c8-ff76-47b2-86d7-e93e5fa3dc48
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2890 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2889 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2888 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2887 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2886 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2885 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0dda1ef9-c635-42d5-a0d2-7673a37f6a58
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2884 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a4e309e5-aa3b-4b49-b67b-66bded6378e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2883 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a00cdaf6-88ff-4747-a206-1db29f42b5f5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2882 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2881 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2880 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2879 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2878 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2877 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2876 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2875 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a739b2a1-8818-4a23-a226-b0c9ae4fa93d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2874 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a4e309e5-aa3b-4b49-b67b-66bded6378e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2873 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2872 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2871 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2870 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2869 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2868 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4373f0de-af65-4f26-a196-7f9abc4c256b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2867 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f74d16f9-1196-4c73-a382-86ff769fa8a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2866 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3e3743ec-851d-462d-92c6-cce3ac10eca5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2865 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2864 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2863 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2862 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2861 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2860 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2859 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2858 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d830357c-3bb6-41c7-ab63-f2c21bf4e50b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2857 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f74d16f9-1196-4c73-a382-86ff769fa8a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2856 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2855 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2854 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2853 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2852 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2851 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3a51bd3-599b-471f-a918-5bf6dcf46e71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2850 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8db91729-19ff-4bde-bd92-9f4afe5efdd4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2849 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9ee9cab6-4164-4b20-be5d-58a6f3083354
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2848 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2847 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2846 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2845 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2844 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2843 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2842 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2841 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=22b642f6-4494-4a89-a079-b48298c68696
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2840 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:18:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8db91729-19ff-4bde-bd92-9f4afe5efdd4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2839 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2838 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2837 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2836 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2835 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2834 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fce8d126-440c-42ca-86ca-4b729f1a7180
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2833 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=10b84678-dd89-4eeb-917b-33a2fa3844b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2832 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=5.1.14393.1944
RunspaceId=a138a4f4-26f7-4cb5-a58d-d2d86fc086c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2831 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=5.1.14393.1944
RunspaceId=a138a4f4-26f7-4cb5-a58d-d2d86fc086c4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2830 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2829 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2828 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2827 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2826 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2825 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4dca6cf-5987-421b-bf9b-200543da1633
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAEcAZQB0AC0ATgBlAHQASQBQAEEAZABkAHIAZQBzAHMAIAAtAGEAZABkAHIAZQBzAHMAZgBhAG0AaQBsAHkAIABpAHAAdgA0ACkALgBpAG4AdABlAHIAZgBhAGMAZQBhAGwAaQBhAHMAIAAtAG4AbwB0AGwAaQBrAGUAIAAiAEwAbwBvAHAAYgBhAGMAawAqACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2824 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=35d2b07e-31ac-49a3-a590-6c4b78acf97e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2823 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=35d2b07e-31ac-49a3-a590-6c4b78acf97e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2822 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2821 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2820 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2819 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2818 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2817 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2816 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2815 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2dafb35-74da-4e03-bd4d-49e67227cd9a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2814 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=10b84678-dd89-4eeb-917b-33a2fa3844b6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2813 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2812 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2811 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2810 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2809 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2808 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=28a617bb-483d-4f32-b993-4ecaff15216e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2807 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=91be8a57-4816-4c45-83e8-96e9156da956
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2806 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=39a1dedd-7cac-4e3b-8e7b-7537502420ed
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2805 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=39a1dedd-7cac-4e3b-8e7b-7537502420ed
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2804 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2803 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2802 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2801 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2800 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2799 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2798 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2797 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f4e2c99f-c266-47c8-94af-b5c98c4f4524
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2796 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=91be8a57-4816-4c45-83e8-96e9156da956
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2795 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2794 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2793 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2792 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2791 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2790 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7be3d306-8788-4d05-9d8e-d11151f51ac9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2789 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:17:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96c26b47-6e37-4e15-b5aa-39e7329c7d7f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2788 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9b22b1d1-1146-439c-afc9-192482a752cf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2787 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2786 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2785 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2784 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2783 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2782 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2781 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2780 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bc8c9bb1-4cf4-4f15-8bf9-b33d1ae3625c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2779 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96c26b47-6e37-4e15-b5aa-39e7329c7d7f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2778 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2777 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2776 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2775 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2774 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2773 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a498d4b6-4435-444f-b6a0-c1ef8f6f3d97
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2772 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=545cd087-7e12-4656-a10c-7aa756de6bd8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2771 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5688594f-6857-49d1-9f60-020e0ef123c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2770 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=5688594f-6857-49d1-9f60-020e0ef123c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2769 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2768 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2767 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2766 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2765 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2764 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=937dae15-cd20-4c77-8a1a-a0bb28726d56
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2763 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=545cd087-7e12-4656-a10c-7aa756de6bd8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2762 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2761 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2760 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2759 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2758 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2757 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ca81df28-8f2a-4164-a697-a8607ac288de
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABnAEEATgB3AEEAdQBBAEQASQBBAE4AQQBBAHQAQQBEAEUAQQBNAGcAQQB6AEEARABjAEEATwBRAEEAeABBAEQATQBBAE0AdwBBADEAQQBEAGcAQQBOAGcAQQAzAEEARABrAEEATgBnAEEAMwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2756 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18e23fe7-125a-4dee-9a3c-2daaf9b848ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2755 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6ef488ce-8c31-4949-b66c-5723b2427902
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2754 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2753 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2752 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2751 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2750 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2749 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2748 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2747 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=cadde529-97c0-483b-9535-528ee4b88cbe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2746 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=18e23fe7-125a-4dee-9a3c-2daaf9b848ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2745 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2744 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2743 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2742 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2741 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2740 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6f28e980-0d08-457c-a6ed-c8860ba4cce0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2739 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=69b3b530-4c26-433a-a025-d2e66baa683c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2738 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=69b3b530-4c26-433a-a025-d2e66baa683c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2737 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2736 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2735 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2734 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2733 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2732 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47d5d458-59da-4c43-9aba-1b2beda88e1c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADgANwAuADIANAAtADEAMgAzADcAOQAxADMAMwA1ADgANgA3ADkANgA3AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2731 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5491b695-cb46-42ac-ad14-82ec53450a9a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2730 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=24ba1736-fd2f-4e60-a111-90810737ab58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2729 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=24ba1736-fd2f-4e60-a111-90810737ab58
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2728 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2727 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2726 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2725 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2724 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2723 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3baafed1-fc06-4223-9478-4d0fe741fe57
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAOAA3AC4AMgA0AC0AMQAyADMANwA5ADEAMwAzADUAOAA2ADcAOQA2ADcAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2722 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=5491b695-cb46-42ac-ad14-82ec53450a9a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2721 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2720 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2719 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2718 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2717 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2716 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b43d2d1-1c16-45cd-98dc-12f257565c0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBPAEEAQQAzAEEAQwA0AEEATQBnAEEAMABBAEMAMABBAE0AUQBBAHkAQQBEAE0AQQBOAHcAQQA1AEEARABFAEEATQB3AEEAegBBAEQAVQBBAE8AQQBBADIAQQBEAGMAQQBPAFEAQQAyAEEARABjAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2715 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6e18a634-f186-4f2c-966d-a95b51e45a5f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2714 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6a6b69c5-55b0-4fd4-b9ed-8db75a80382d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2713 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2712 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2711 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2710 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2709 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2708 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2707 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2706 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f1214014-f0a8-4a1d-8f68-7145f84cedde
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2705 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6e18a634-f186-4f2c-966d-a95b51e45a5f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2704 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2703 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2702 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2701 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2700 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2699 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a5d2a389-d985-4d33-be1f-a8e500c6c8c9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2698 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4220e361-30d8-4697-a558-2cde092dba25
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2697 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=8504211c-b586-4eb5-8a20-afe0bfd33e33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2696 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:01:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=5.1.14393.1944
RunspaceId=8504211c-b586-4eb5-8a20-afe0bfd33e33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2695 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2694 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2693 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2692 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2691 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2690 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=38c1cd59-fdb2-4104-bc65-bf910206484d
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2689 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=16951177-27b9-4bbf-96f4-24d2b98421c5
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2688 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=16951177-27b9-4bbf-96f4-24d2b98421c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2687 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2686 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2685 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2684 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2683 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2682 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2681 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2680 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6635f2ad-3924-48fc-b046-f9ad09f2eced
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2679 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4220e361-30d8-4697-a558-2cde092dba25
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2678 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2677 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2676 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2675 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2674 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2673 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1e2db47a-9ab6-44f7-ac5a-040fa2b6db7f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2672 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba936fdf-e26d-4b8f-a077-8be838fcab45
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2671 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1325d2dd-9223-4dfa-8b2a-463c61b9b18f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2670 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=1325d2dd-9223-4dfa-8b2a-463c61b9b18f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2669 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2668 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2667 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2666 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2665 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2664 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f52b56e-edb1-41f5-ac31-7a56fe65fd43
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB0AHcAbwByAGsAaQBuAGcALQBoAHkAcABlAHIAdgAgACIALQBlACAAZgBpAGwAZQA6AC8ALwAvAEMAOgAvAG8AcABlAG4AcwB0AGEAYwBrAC8AYgB1AGkAbABkAC8AbgBlAHQAdwBvAHIAawBpAG4AZwAtAGgAeQBwAGUAcgB2ACMAZQBnAGcAPQBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2663 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f7d7382-ac30-46e3-a3d5-ee010e6ba08d
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2662 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8f7d7382-ac30-46e3-a3d5-ee010e6ba08d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2661 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2660 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2659 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2658 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2657 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2656 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2655 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2654 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8c9f285f-1cf8-4e8c-9707-f7a7e98d0fce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2653 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba936fdf-e26d-4b8f-a077-8be838fcab45
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2652 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2651 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2650 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2649 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2648 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2647 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae47a2b6-16cf-4850-8337-99e8f27a7ed9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2646 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=60332f6b-4fdc-406a-82e4-3401159bbaaa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2645 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b45c7b3e-1fed-4ea2-8298-458c14308656
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2644 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=b45c7b3e-1fed-4ea2-8298-458c14308656
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2643 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2642 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2641 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2640 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2639 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2638 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=355d9030-3986-443d-9bb2-35de5b683a88
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYAXABcAHMAZQB0AHUAcAAuAGMAZgBnACAALQBwAGEAdAB0AGUAcgBuACAAIgBeAG4AYQBtAGUALgAqAD0ALgAqACIAIAB8ACAAJQAgAHsAJABfAC4AbQBhAHQAYwBoAGUAcwAuAHYAYQBsAHUAZQAuAHMAcABsAGkAdAAoACIAPQAiACkAWwAxAF0ALgB0AHIAaQBtACgAKQB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2637 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1971775a-e7ab-41ad-ac6d-87132d098ad2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2636 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1971775a-e7ab-41ad-ac6d-87132d098ad2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2635 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2634 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2633 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2632 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2631 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2630 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2629 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2628 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=134c7f8b-fd13-4927-9788-791f2854c8c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2627 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=60332f6b-4fdc-406a-82e4-3401159bbaaa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2626 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2625 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2624 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2623 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2622 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2621 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f9c0215-c4b8-42cb-b765-742595dd80d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2620 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4f2be88e-5ad9-4215-ac4d-06c6e17c834e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2619 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=6d18356c-12b2-4315-884e-796aec1d23a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2618 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=6d18356c-12b2-4315-884e-796aec1d23a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2617 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2616 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2615 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2614 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2613 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2612 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb7170db-577a-47dc-bcd5-574a28b475a9
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2611 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4f2be88e-5ad9-4215-ac4d-06c6e17c834e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2610 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2609 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2608 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2607 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2606 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2605 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0f53cb0d-a16d-4921-a84e-46335fffa5e1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQA0AEEARABJAEEATwBRAEEAdQBBAEQATQBBAE0AZwBBAHQAQQBEAEUAQQBNAEEAQQB4AEEARABBAEEATwBRAEEAeQBBAEQAZwBBAE0AdwBBADUAQQBEAGMAQQBOAHcAQQAwAEEARABRAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2604 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a8e7f68e-3091-4aea-98b0-4fcc62696602
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2603 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bfa1d342-658b-477f-824e-f07a34ba90f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2602 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2601 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2600 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2599 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2598 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2597 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2596 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2595 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2661040c-c819-4796-a804-aec14920103b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2594 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a8e7f68e-3091-4aea-98b0-4fcc62696602
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2593 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2592 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2591 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2590 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2589 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2588 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=bd658aba-84f6-42bd-931c-0f607ccc90cf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2587 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=eda6be4d-ef1d-43a1-9458-24137c5a09d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2586 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=eda6be4d-ef1d-43a1-9458-24137c5a09d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2585 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2584 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2583 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2582 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2581 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2580 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee6fab30-3395-41b6-bb45-fec9b5084134
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA4ADIAOQAuADMAMgAtADEAMAAxADAAOQAyADgAMwA5ADcANwA0ADQANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2579 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=8e266e8a-7301-4322-bfab-8453c2ba75bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2578 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c662cf85-a9f7-418c-9f39-1bf3dd37cb9c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2577 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c662cf85-a9f7-418c-9f39-1bf3dd37cb9c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2576 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2575 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2574 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2573 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2572 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2571 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ff41ba10-03ff-43a0-8606-b0b65919720f
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADgAMgA5AC4AMwAyAC0AMQAwADEAMAA5ADIAOAAzADkANwA3ADQANAA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2570 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=8e266e8a-7301-4322-bfab-8453c2ba75bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2569 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2568 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2567 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2566 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2565 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2564 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7ee51be4-5ae0-4089-ba68-de9a820c670b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGcAQQBNAGcAQQA1AEEAQwA0AEEATQB3AEEAeQBBAEMAMABBAE0AUQBBAHcAQQBEAEUAQQBNAEEAQQA1AEEARABJAEEATwBBAEEAegBBAEQAawBBAE4AdwBBADMAQQBEAFEAQQBOAEEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2563 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b2ac1aa5-43ba-4de0-a85b-b1ed5544c493
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2562 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56ab5c28-a24f-4d38-87d3-09eebe061397
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2561 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2560 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2559 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2558 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2557 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2556 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2555 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2554 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4f4d9b59-0c2a-4a5e-91c7-efd53c17afb1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2553 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b2ac1aa5-43ba-4de0-a85b-b1ed5544c493
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2552 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2551 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2550 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2549 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2548 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2547 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d6d270b-b97c-41bf-a7fc-c4af7ff0ad3c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2546 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5bf5bf5c-ffb3-4178-9197-7a800be72ed3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2545 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=8368c796-578a-423d-9f18-7293cfe6a972
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2544 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=5.1.14393.1944
RunspaceId=8368c796-578a-423d-9f18-7293cfe6a972
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2543 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2542 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2541 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2540 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2539 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2538 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=812cd415-7262-45b3-b37d-625017ae8f87
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG8AcwAtAHcAaQBuAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2537 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2cdd5a5e-37f2-4b3e-a59c-0f6ba5c831ba
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2536 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2cdd5a5e-37f2-4b3e-a59c-0f6ba5c831ba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2535 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2534 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2533 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2532 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2531 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2530 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2529 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2528 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=795ecf63-c918-4b3d-afb8-4791aed877c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2527 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5bf5bf5c-ffb3-4178-9197-7a800be72ed3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2526 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2525 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2524 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2523 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2522 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2521 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4265247f-e51f-43a1-8928-76ac15f54f6f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2520 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3417cd47-6970-48d6-9296-767ca8760214
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2519 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=b8d59b23-32ee-401a-be5b-868bf5b088d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2518 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=b8d59b23-32ee-401a-be5b-868bf5b088d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2517 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2516 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2515 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2514 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2513 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2512 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fdc91fc9-151c-46d1-80cb-16a22041b724
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG8AcwAtAHcAaQBuACAAIgAtAGUAIABmAGkAbABlADoALwAvAC8AQwA6AC8AbwBwAGUAbgBzAHQAYQBjAGsALwBiAHUAaQBsAGQALwBvAHMALQB3AGkAbgAjAGUAZwBnAD0AbwBzAC0AdwBpAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2511 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4377037b-a74e-4ff5-97d4-427606e1939c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2510 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4377037b-a74e-4ff5-97d4-427606e1939c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2509 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2508 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2507 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2506 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2505 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2504 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2503 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2502 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b6fc0947-d40b-4d9a-aad8-d404b37ae3ce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2501 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3417cd47-6970-48d6-9296-767ca8760214
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2500 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2499 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2498 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2497 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2496 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2495 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49d782c9-220d-462f-a8ef-76df07a9aa6e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2494 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=59a43631-cdb8-43cf-8948-58a40b3714a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2493 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=fa1b454c-d7fe-46f6-9702-12acd805e254
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2492 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=fa1b454c-d7fe-46f6-9702-12acd805e254
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2491 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2490 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2489 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2488 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2487 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2486 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4e407707-1c16-4a9d-aaac-5bcfa1cab6b0
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABvAHMALQB3AGkAbgBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2485 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=338cbff4-54df-4240-89dd-df8fa43f5cca
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2484 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=338cbff4-54df-4240-89dd-df8fa43f5cca
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2483 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2482 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2481 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2480 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2479 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2478 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2477 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2476 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93ec4f45-1bad-4158-b451-166486a6f1f7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2475 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=59a43631-cdb8-43cf-8948-58a40b3714a9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2474 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2473 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2472 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2471 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2470 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2469 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6041bfc3-a921-4006-834f-18dda65cf4b7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2468 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9de9f754-c492-429f-8556-04a96b443e4a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2467 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4e0ec185-7fb3-43e7-a5f9-6a7449951813
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2466 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=4e0ec185-7fb3-43e7-a5f9-6a7449951813
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2465 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2464 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2463 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2462 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2461 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2460 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d07cd16f-89f3-40ac-a911-644fbf829202
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2ACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2459 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9de9f754-c492-429f-8556-04a96b443e4a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2458 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2457 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2456 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2455 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2454 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2453 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=72a249fc-6820-4749-a1d3-705248c9c5e2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABrAEEATwBRAEEAdQBBAEQATQBBAE4AdwBBAHQAQQBEAEUAQQBOAHcAQQB5AEEARABFAEEATQB3AEEAMABBAEQARQBBAE0AZwBBAHkAQQBEAGsAQQBNAHcAQQAzAEEARABrAEEATgBnAEEAMgBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2452 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fad7a23e-714c-4024-b1fa-8a462be19998
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2451 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=60d96d1c-6c87-41e0-8370-4222d1fbe51f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2450 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2449 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2448 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2447 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2446 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2445 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2444 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2443 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=4ed0f753-59c4-49ab-af34-74a8194d8139
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2442 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fad7a23e-714c-4024-b1fa-8a462be19998
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2441 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2440 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2439 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2438 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2437 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2436 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1dc5a169-168d-4221-8810-7960d98a12e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2435 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ed265cf4-4eba-4fc6-98ec-ebe3adf2bc23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2434 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=ed265cf4-4eba-4fc6-98ec-ebe3adf2bc23
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2433 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2432 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2431 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2430 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2429 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2428 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b8c0ce5f-da80-46bb-b3a1-08628cba6b99
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADkAOQAuADMANwAtADEANwAyADEAMwA0ADEAMgAyADkAMwA3ADkANgA2AFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2427 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c3f7466-d8a2-407e-9ea6-35d6447c84bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2426 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c55db31f-d87c-430e-a334-2e74c7f971a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2425 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 6:00:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c55db31f-d87c-430e-a334-2e74c7f971a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2424 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2423 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2422 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2421 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2420 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2419 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f7cfad46-a169-4389-b978-f0559a6e3779
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAOQA5AC4AMwA3AC0AMQA3ADIAMQAzADQAMQAyADIAOQAzADcAOQA2ADYAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2418 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=4c3f7466-d8a2-407e-9ea6-35d6447c84bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2417 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2416 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2415 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2414 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2413 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2412 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a85158c5-f22f-4308-b84a-cf3df47342da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBPAFEAQQA1AEEAQwA0AEEATQB3AEEAMwBBAEMAMABBAE0AUQBBADMAQQBEAEkAQQBNAFEAQQB6AEEARABRAEEATQBRAEEAeQBBAEQASQBBAE8AUQBBAHoAQQBEAGMAQQBPAFEAQQAyAEEARABZAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2411 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a7afa079-0b1b-4c24-be48-3beab0950552
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2410 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9385745b-a54d-45a7-84ec-415f15e0f8b4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2409 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2408 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2407 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2406 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2405 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2404 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2403 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2402 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=02a84f6d-a0d4-44d6-98ef-e5eb6140ed9c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2401 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a7afa079-0b1b-4c24-be48-3beab0950552
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2400 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2399 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2398 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2397 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2396 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2395 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b962fa32-8cec-4e92-8696-12b8e58d223a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2394 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=81b2ed12-258d-4b39-a3fd-f7580f6d8a0c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2393 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=274542cd-0b17-4f87-af32-a277ea80cf92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2392 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:59:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=5.1.14393.1944
RunspaceId=274542cd-0b17-4f87-af32-a277ea80cf92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2391 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2390 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2389 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2388 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2387 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2386 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b499e90f-91a9-49ea-9ad3-0534917aa669
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AZQB1AHQAcgBvAG4A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2385 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ecefefd-fba6-44e6-89c2-b7824bd61d56
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2384 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2ecefefd-fba6-44e6-89c2-b7824bd61d56
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2383 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2382 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2381 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2380 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2379 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2378 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2377 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2376 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9b876c7a-a3bc-4517-b796-1e375f28dd85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2375 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=81b2ed12-258d-4b39-a3fd-f7580f6d8a0c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2374 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2373 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2372 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2371 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2370 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2369 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2e62f644-9a7d-49d5-8b75-d6977a5cb50c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2368 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2410256a-2fca-4e97-acab-b2862d648a7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2367 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=f6190f70-dff4-4653-bac4-02b56f21e37a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2366 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=f6190f70-dff4-4653-bac4-02b56f21e37a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2365 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2364 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2363 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2362 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2361 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2360 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a985cc0a-25bb-4f39-953e-c339918edfe1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AZQB1AHQAcgBvAG4AIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AZQB1AHQAcgBvAG4AIwBlAGcAZwA9AG4AZQB1AHQAcgBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2359 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a995b47b-80b8-47fe-b75a-d23c4ef9bd1c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2358 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a995b47b-80b8-47fe-b75a-d23c4ef9bd1c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2357 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2356 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2355 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2354 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2353 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2352 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2351 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2350 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=324c6fe8-181b-4747-9eb4-47b2f79148e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2349 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2410256a-2fca-4e97-acab-b2862d648a7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2348 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2347 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2346 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2345 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2344 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2343 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4cb76b89-af5c-4732-86fb-b02c71cbe065
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2342 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ed435b7a-55d4-4afb-ab7f-f11e0402b30c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2341 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=9417a441-7757-40b1-81d5-ab78ddb550f1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2340 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=9417a441-7757-40b1-81d5-ab78ddb550f1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2339 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2338 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2337 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2336 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2335 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2334 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d7438a55-e4db-4fe7-81d9-0daaadae2419
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAGUAdQB0AHIAbwBuAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2333 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=84e14034-9fa4-4c15-896b-bd7604fba3da
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2332 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=84e14034-9fa4-4c15-896b-bd7604fba3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2331 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2330 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2329 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2328 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2327 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2326 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2325 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2324 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c2154c16-ba0b-4cb1-872e-67dc16955e9d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2323 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ed435b7a-55d4-4afb-ab7f-f11e0402b30c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2322 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2321 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2320 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2319 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2318 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2317 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c1f43f9-9f60-40c0-8089-cbd920534394
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2316 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=93a1b83e-f328-4476-8562-f415cf41d83c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2315 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3cb84fa-5b80-4037-9f37-99acac7786f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2314 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3cb84fa-5b80-4037-9f37-99acac7786f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2313 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2312 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2311 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2310 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2309 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2308 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d8ce367e-d44c-41de-98bf-bc4eefa6573d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2307 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=93a1b83e-f328-4476-8562-f415cf41d83c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2306 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2305 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2304 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2303 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2302 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2301 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e013bf66-d763-41d4-840e-aefb8c375092
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAzAEEARABFAEEATgBRAEEAdQBBAEQAWQBBAE0AUQBBAHQAQQBEAFkAQQBOAGcAQQB6AEEARABNAEEATwBRAEEAMwBBAEQAQQBBAE0AdwBBAHcAQQBEAFkAQQBNAHcAQQAwAEEARABnAEEATQBRAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2300 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ca85c92-eb44-4649-bcd0-4e8b5d4632bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2299 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f89ba14c-3bf2-4022-8d07-817c101e6e96
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2298 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2297 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2296 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2295 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2294 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2293 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2292 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2291 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=db73aa94-9cd7-4a0a-a6f5-8f2843d1eba9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2290 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ca85c92-eb44-4649-bcd0-4e8b5d4632bd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2289 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2288 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2287 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2286 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2285 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2284 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=447e6249-fc95-4db7-ad6b-eb767f95fea5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2283 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=8af5e923-d4da-403d-a289-bc306076520f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2282 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=8af5e923-d4da-403d-a289-bc306076520f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2281 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2280 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2279 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2278 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2277 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2276 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ee43ea02-7dfa-45c4-ba53-a5ee8872587a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA3ADEANQAuADYAMQAtADYANgAzADMAOQA3ADAAMwAwADYAMwA0ADgAMQBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2275 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=bb6cd66f-9069-44df-b087-fc9576d84d60
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2274 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=114f9fa7-d99c-4ae9-8385-546891a48e1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2273 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=114f9fa7-d99c-4ae9-8385-546891a48e1a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2272 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2271 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2270 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2269 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2268 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2267 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3a84ed4d-3f87-4a3a-9454-61fb7605545b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADcAMQA1AC4ANgAxAC0ANgA2ADMAMwA5ADcAMAAzADAANgAzADQAOAAxACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2266 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=bb6cd66f-9069-44df-b087-fc9576d84d60
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2265 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2264 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2263 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2262 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2261 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2260 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47da3c55-b9e5-4b42-908f-abb9a6ba2a09
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAGMAQQBNAFEAQQAxAEEAQwA0AEEATgBnAEEAeABBAEMAMABBAE4AZwBBADIAQQBEAE0AQQBNAHcAQQA1AEEARABjAEEATQBBAEEAegBBAEQAQQBBAE4AZwBBAHoAQQBEAFEAQQBPAEEAQQB4AEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2259 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a6781e4d-d122-4e16-a5a5-46ccdc9f04ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2258 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fe70bcdf-1ab7-4b7f-a131-9c0ff22feecc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2257 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2256 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2255 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2254 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2253 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2252 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2251 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2250 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=865984a9-4e25-452f-8883-6bce709a970b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2249 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a6781e4d-d122-4e16-a5a5-46ccdc9f04ab
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2248 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2247 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2246 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2245 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2244 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2243 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0e40431f-2b32-48bf-b42a-2099da8343a6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2242 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=be50a1e7-9f71-49c2-8f2b-d4d67c1e587a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2241 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=729af251-6184-44f4-975e-c576efe10259
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2240 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:58:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=5.1.14393.1944
RunspaceId=729af251-6184-44f4-975e-c576efe10259
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2239 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2238 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2237 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2236 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2235 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2234 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b57f29e7-618c-4612-91c9-e10f2faacb64
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAG4AbwB2AGEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2233 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4049820c-341e-44d8-b1cc-d837acbac74e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2232 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=4049820c-341e-44d8-b1cc-d837acbac74e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2231 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2230 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2229 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2228 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2227 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2226 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2225 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2224 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=3cc28314-d2fc-4c24-abb4-6342373bc86b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2223 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=be50a1e7-9f71-49c2-8f2b-d4d67c1e587a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2222 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2221 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2220 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2219 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2218 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2217 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d98742bc-4fef-441a-a013-b0a34884c6c0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2216 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e726571b-a576-4026-abd7-ede579bd33f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2215 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=2d3b6d43-ed09-4fbd-9a63-76f160a946a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2214 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=5.1.14393.1944
RunspaceId=2d3b6d43-ed09-4fbd-9a63-76f160a946a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2213 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2212 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2211 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2210 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2209 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2208 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=872c6822-b628-41eb-874c-64b8027f6dce
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABlAGQAaQB0AC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAgAC0ALQAgAG4AbwB2AGEAIAAiAC0AZQAgAGYAaQBsAGUAOgAvAC8ALwBDADoALwBvAHAAZQBuAHMAdABhAGMAawAvAGIAdQBpAGwAZAAvAG4AbwB2AGEAIwBlAGcAZwA9AG4AbwB2AGEAIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2207 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=34bd3e8b-1a7b-405d-af11-9ce4fb493c63
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2206 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=34bd3e8b-1a7b-405d-af11-9ce4fb493c63
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2205 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2204 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2203 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2202 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2201 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2200 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2199 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2198 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94150297-7722-4e96-adfc-9d4d16212453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2197 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e726571b-a576-4026-abd7-ede579bd33f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2196 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2195 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2194 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2193 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2192 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2191 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a21ad26c-f007-4933-a654-8f2730dc84d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2190 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=80a2d56f-6734-4f87-ac8a-329c3bc27c18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2189 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=33c4c84a-8dca-4dd4-b407-28da858a7123
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2188 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=33c4c84a-8dca-4dd4-b407-28da858a7123
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2187 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2186 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2185 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2184 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2183 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2182 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=faac6321-286d-4d51-800f-71ec1e4903ed
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABuAG8AdgBhAFwAXABzAGUAdAB1AHAALgBjAGYAZwAgAC0AcABhAHQAdABlAHIAbgAgACIAXgBuAGEAbQBlAC4AKgA9AC4AKgAiACAAfAAgACUAIAB7ACQAXwAuAG0AYQB0AGMAaABlAHMALgB2AGEAbAB1AGUALgBzAHAAbABpAHQAKAAiAD0AIgApAFsAMQBdAC4AdAByAGkAbQAoACkAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2181 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b0d1224f-ddf7-4d43-83dd-2cf8066bab78
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2180 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b0d1224f-ddf7-4d43-83dd-2cf8066bab78
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2179 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2178 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2177 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2176 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2175 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2174 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2173 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2172 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=08985002-fe3a-4df8-9944-3fe1d3479485
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2171 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=80a2d56f-6734-4f87-ac8a-329c3bc27c18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2170 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2169 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2168 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2167 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2166 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2165 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7e4da70-1f4c-4f67-8c1e-aadc0f648d69
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2164 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3548b54-b9e8-48e3-a177-6322131bf6f9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2163 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=6d160306-f756-4885-8786-1b276568e32d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2162 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=6d160306-f756-4885-8786-1b276568e32d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2161 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2160 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2159 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2158 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2157 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2156 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04e1c816-ef62-42ab-9e7b-0c3f03f95dd7
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2155 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=e3548b54-b9e8-48e3-a177-6322131bf6f9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2154 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2153 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2152 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2151 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2150 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2149 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=26738052-1aec-4aa4-af73-2025c190cc59
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATgB3AEEAdQBBAEQAVQBBAE0AZwBBAHQAQQBEAEUAQQBNAGcAQQAwAEEARABnAEEATQBBAEEANQBBAEQARQBBAE4AZwBBADIAQQBEAEUAQQBNAGcAQQAzAEEARABJAEEATgBnAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2148 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:54:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d4e6e5a7-7dd7-4cb0-a726-7a8d72cbffef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2147 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3a8b07a0-e4b1-4225-9b13-62a6878c0dd6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2146 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2145 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2144 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2143 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2142 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2141 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2140 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2139 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=da0c8a8b-6de1-4bae-b8c3-c18ad51d5453
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2138 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d4e6e5a7-7dd7-4cb0-a726-7a8d72cbffef
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2137 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2136 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2135 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2134 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2133 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2132 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a6278107-9e6f-476a-85bb-07a0f92124db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2131 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c8eea55e-6e2c-47c3-93f7-3fe44543faba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2130 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c8eea55e-6e2c-47c3-93f7-3fe44543faba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2129 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2128 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2127 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2126 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2125 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2124 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aeee516a-ff41-4795-be02-80cd0cfb6115
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgA0ADMANwAuADUAMgAtADEAMgA0ADgAMAA5ADEANgA2ADEAMgA3ADIANgBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2123 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=6d1404a3-ba78-4fd3-88c1-fca9bb5d6852
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2122 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d7a63f25-5478-4cfc-a96f-cc7b174d636a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2121 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=d7a63f25-5478-4cfc-a96f-cc7b174d636a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2120 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2119 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2118 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2117 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2116 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2115 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b4205b0-f299-4ede-b477-956cb299cb7b
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADQAMwA3AC4ANQAyAC0AMQAyADQAOAAwADkAMQA2ADYAMQAyADcAMgA2ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2114 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=6d1404a3-ba78-4fd3-88c1-fca9bb5d6852
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2113 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2112 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2111 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2110 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2109 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2108 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=40e39c6c-a295-4ce5-87c2-52eea5dc2d0b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAFEAQQBNAHcAQQAzAEEAQwA0AEEATgBRAEEAeQBBAEMAMABBAE0AUQBBAHkAQQBEAFEAQQBPAEEAQQB3AEEARABrAEEATQBRAEEAMgBBAEQAWQBBAE0AUQBBAHkAQQBEAGMAQQBNAGcAQQAyAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2107 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2149ff86-71e0-4953-bc99-f3db22729f75
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2106 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=da569b47-55d7-44a4-ac8f-c1bd526f2b08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2105 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2104 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2103 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2102 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2101 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2100 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2099 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2098 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=81b775a2-3361-4e49-abb1-ae9a4b1e043d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2097 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2149ff86-71e0-4953-bc99-f3db22729f75
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2096 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2095 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2094 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2093 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2092 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2091 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0580f2c8-3ba6-4d0c-aaf1-fc92adc581ca
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2090 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07b250be-5c99-4cf6-b0b0-6942857208ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2089 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=f3df7a5a-468f-4786-a810-c0c60af3da9c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2088 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=f3df7a5a-468f-4786-a810-c0c60af3da9c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2087 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2086 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2085 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2084 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2083 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2082 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4974708f-9664-4b4c-adb3-e6bac9a39958
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIAAtAGUAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2081 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bf5abc37-ac00-450d-b1aa-36a06dcd209b
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2080 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bf5abc37-ac00-450d-b1aa-36a06dcd209b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2079 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2078 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2077 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2076 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2075 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2074 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2073 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2072 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=30955af9-51b2-4332-8ec1-3694b657764c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2071 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=07b250be-5c99-4cf6-b0b0-6942857208ae
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2070 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2069 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2068 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2067 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2066 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2065 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e6d8f257-07ee-4c43-bc82-8e33b22f2ea8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2064 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6018fcc4-82f4-4f16-968f-6fe2a10cbac9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2063 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=aeae2db2-7a37-4844-8b8f-9c1d1d3b2f3e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2062 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=5.1.14393.1944
RunspaceId=aeae2db2-7a37-4844-8b8f-9c1d1d3b2f3e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2061 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2060 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2059 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2058 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2057 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2056 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3be4babf-16a5-4d31-822d-8e1b32d25168
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABTAGUAbABlAGMAdAAtAFMAdAByAGkAbgBnACAALQBwAGEAdABoACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAcwBlAHQAdQBwAC4AYwBmAGcAIAAtAHAAYQB0AHQAZQByAG4AIAAiAF4AbgBhAG0AZQAuACoAPQAuACoAIgAgAHwAIAAlACAAewAkAF8ALgBtAGEAdABjAGgAZQBzAC4AdgBhAGwAdQBlAC4AcwBwAGwAaQB0ACgAIgA9ACIAKQBbADEAXQAuAHQAcgBpAG0AKAApAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2055 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=950cb211-d899-4601-881d-dcc7cf971099
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2054 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=950cb211-d899-4601-881d-dcc7cf971099
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2053 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2052 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2051 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2050 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2049 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2048 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2047 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2046 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6949677e-e440-4ecd-b657-777887ad4ccb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2045 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6018fcc4-82f4-4f16-968f-6fe2a10cbac9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2044 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2043 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2042 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2041 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2040 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2039 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8cd6a049-51b0-47d4-9d33-15061bb4f2b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2038 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa6ec824-358d-4e7d-bc40-40bb18e68581
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2037 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=34df0b41-5fb4-4e24-9be7-0218e80afab8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2036 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:53:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=5.1.14393.1944
RunspaceId=34df0b41-5fb4-4e24-9be7-0218e80afab8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2035 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2034 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2033 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2032 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2031 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2030 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5f4aadc3-dbf6-4cf4-b31d-47dccc19e324
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABwAHkAdwBpAG4AMwAyACAAcABiAHIAIABwAHkAbQB5AHMAcQBsACAAbwB2AHMA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2029 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6f1a0411-347d-4121-8540-d0a2c02740bf
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2028 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6f1a0411-347d-4121-8540-d0a2c02740bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2027 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2026 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2025 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2024 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2023 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2022 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2021 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2020 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72e9c75f-6e72-41e3-ad8b-aec9ac271758
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2019 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa6ec824-358d-4e7d-bc40-40bb18e68581
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2018 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2017 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2016 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2015 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2014 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2013 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f204e672-f16a-4e0b-be89-25fd9f689fe5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2012 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5b38267b-6f53-4dcf-ac10-2775c5886d16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2011 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=ab19652d-f45f-4495-b326-48acfb4aa803
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 2010 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=5.1.14393.1944
RunspaceId=ab19652d-f45f-4495-b326-48acfb4aa803
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2009 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2008 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2007 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2006 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2005 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2004 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6d232b70-abda-48a0-b048-b7394cc065e3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAGkAcAAgAGkAbgBzAHQAYQBsAGwAIAAtAGMAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAIAAtAFUAIABzAGUAdAB1AHAAdABvAG8AbABzAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2003 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ed8efa4-f7ef-4164-bbc0-d5a90d68e0c8
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 2002 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0ed8efa4-f7ef-4164-bbc0-d5a90d68e0c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 2001 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2000 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1999 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1998 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1997 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1996 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1995 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1994 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d6918b8f-b4ab-4cee-b4d8-71f0ba4f3e52
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1993 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5b38267b-6f53-4dcf-ac10-2775c5886d16
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1992 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1991 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1990 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1989 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1988 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1987 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0de3fde9-7901-487e-8cb8-f4649faf5258
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1986 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c06d0810-753b-46c4-a1df-7948eeba3f85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1985 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=5.1.14393.1944
RunspaceId=471405c8-d6da-4510-92fd-7bf4f1661f38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1984 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=5.1.14393.1944
RunspaceId=471405c8-d6da-4510-92fd-7bf4f1661f38
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1983 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1982 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1981 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1980 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1979 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1978 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9965877c-a323-4907-bdf5-1d9b7407333c
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABOAGUAdwAtAE4AZQB0AEkAUABBAGQAZAByAGUAcwBzACAALQBJAFAAQQBkAGQAcgBlAHMAcwAgADEAOQAyAC4AMQA2ADgALgAwAC4ANwAxACAALQBJAG4AdABlAHIAZgBhAGMAZQBBAGwAaQBhAHMAIABiAHIALQBlAHQAaABlAHIAbgBlAHQAIAAtAFAAcgBlAGYAaQB4AEwAZQBuAGcAdABoACAAMgAyAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1977 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61d6c30d-d13d-44c1-a7b4-1378ad3494ea
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1976 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=61d6c30d-d13d-44c1-a7b4-1378ad3494ea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1975 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1974 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1973 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1972 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1971 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1970 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1969 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1968 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b2aeecb6-0275-4add-98ac-4fb921c87b9e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1967 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c06d0810-753b-46c4-a1df-7948eeba3f85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1966 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1965 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1964 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1963 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1962 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1961 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5663c927-7e7c-47c1-9413-3100e730187a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1960 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d68bfa50-de29-40e5-9bbc-fe27b9af1423
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1959 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=5.1.14393.1944
RunspaceId=89de1cba-aedf-4e51-83d3-a6e3fb014e32
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1958 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=5.1.14393.1944
RunspaceId=89de1cba-aedf-4e51-83d3-a6e3fb014e32
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1957 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1956 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1955 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1954 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1953 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1952 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1376f32c-48eb-436c-8e7e-c8b68f8f60f5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAE4AZQB0AEEAZABhAHAAdABlAHIAIABiAHIALQBlAHQAaABlAHIAbgBlAHQA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1951 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6f87f925-bedd-410f-8d37-1f85aff65824
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1950 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6f87f925-bedd-410f-8d37-1f85aff65824
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1949 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1948 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1947 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1946 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1945 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1944 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1943 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1942 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9912d1f3-fa7d-4281-86d4-3b61f6ab96f0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1941 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d68bfa50-de29-40e5-9bbc-fe27b9af1423
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1940 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1939 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1938 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1937 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1936 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1935 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4a9c1ad3-0211-4132-baac-88b35fc4cd00
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1934 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dd20f311-f85e-4699-956d-9b3f75e7ddc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1933 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=5.1.14393.1944
RunspaceId=bdf9913a-bb65-45f0-aba5-b34b2f677664
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1932 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=5.1.14393.1944
RunspaceId=bdf9913a-bb65-45f0-aba5-b34b2f677664
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1931 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1930 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1929 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1928 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1927 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1926 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=50fa6d97-cfaf-4711-90cf-a769cbcf88d7
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AcABvAHIAdAAgAGIAcgAtAGUAdABoAGUAcgBuAGUAdAAgACIARQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1925 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee3df49e-34d4-40e9-b126-26a27b26f3b0
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1924 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee3df49e-34d4-40e9-b126-26a27b26f3b0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1923 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1922 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1921 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1920 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1919 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1918 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1917 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1916 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3337133-e7c5-4bbf-8924-7ac7dcb876eb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1915 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dd20f311-f85e-4699-956d-9b3f75e7ddc9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1914 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1913 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1912 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1911 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1910 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1909 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=014a6785-86a9-4de5-af5a-9508743fe535
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1908 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55e49b3f-b622-4e8c-8d0e-bed4029ae1db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1907 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=5.1.14393.1944
RunspaceId=6252fd7f-6e75-427b-b8b5-938a765559d9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1906 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=5.1.14393.1944
RunspaceId=6252fd7f-6e75-427b-b8b5-938a765559d9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1905 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1904 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1903 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1902 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1901 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1900 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=be6c0b0b-4d98-4aa9-bfbf-598479d5830f
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAGEAZABkAC0AYgByACAAYgByAC0AZQB0AGgAZQByAG4AZQB0AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1899 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5548153-57e7-4d4c-a8ed-8ae760c99c19
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1898 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c5548153-57e7-4d4c-a8ed-8ae760c99c19
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1897 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1896 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1895 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1894 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1893 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1892 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1891 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1890 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7796a180-ef32-4de8-aecc-1a442cd8b53f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1889 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55e49b3f-b622-4e8c-8d0e-bed4029ae1db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1888 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1887 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1886 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1885 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1884 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1883 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0bf96135-1c45-4e66-a9ff-d4bb5c165d33
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1882 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e683847c-b33b-4d79-bf1c-72f4f841fa27
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1881 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=5.1.14393.1944
RunspaceId=80a1aba4-b356-468c-b531-9f8b70024ea4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1880 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=5.1.14393.1944
RunspaceId=80a1aba4-b356-468c-b531-9f8b70024ea4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1879 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1878 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1877 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1876 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1875 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1874 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=484b11a2-93cf-4cec-b76c-ea7f8821eb50
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABvAHYAcwAtAHYAcwBjAHQAbAAgAC0ALQBkAGIAPQB0AGMAcAA6ADEAMgA3AC4AMAAuADAALgAxADoANgA2ADQAMAAgAHMAaABvAHcAIAB8ACAAUwBlAGwAZQBjAHQALQBTAHQAcgBpAG4AZwAgAC0AUABhAHQAdABlAHIAbgAgACIAYgByAC0AZQB0AGgAZQByAG4AZQB0ACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1873 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9114701c-fe1d-4e4c-bb25-e5e8c2bfac36
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1872 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9114701c-fe1d-4e4c-bb25-e5e8c2bfac36
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1871 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1870 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1869 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1868 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1867 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1866 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1865 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1864 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=726e63ac-803e-4cf6-b033-ed14d099793c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1863 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e683847c-b33b-4d79-bf1c-72f4f841fa27
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1862 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1861 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1860 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1859 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1858 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1857 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ef1dcca-b5e5-4a33-a016-17b1b6030ccd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1856 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:27 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7e1fa32-c081-49f5-92ad-5ea4654d338e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1855 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e15e9bd2-3584-4155-a975-78e9cb8aa310
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1854 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1853 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1852 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1851 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1850 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1849 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1848 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1847 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a00a2c14-ec08-4264-acda-2f34a0bbbc54
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1846 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7e1fa32-c081-49f5-92ad-5ea4654d338e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1845 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1844 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1843 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1842 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1841 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1840 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=758f53ee-1ba8-4b13-9c53-0d1864a871bf
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1839 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fd612729-fc8d-4af4-97ad-a6a5f81e36c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1838 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f679237-3aa3-4763-bbb3-d63aed543195
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1837 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1836 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1835 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1834 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1833 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1832 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1831 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1830 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a58e714c-b9cf-46c8-9c3c-a2783223fa36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1829 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fd612729-fc8d-4af4-97ad-a6a5f81e36c6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1828 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1827 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1826 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1825 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1824 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1823 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ba02faa-862d-4645-ae17-94e3e108ba8e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1822 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d09f35b9-fb1f-456a-b8db-e00eb85b7258
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1821 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7c500a58-f8a4-44c3-8689-4fd36e5204fb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1820 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1819 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1818 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1817 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1816 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1815 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1814 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1813 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f9bfa77e-468e-4ec7-9b07-f1a423e4e8a9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1812 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d09f35b9-fb1f-456a-b8db-e00eb85b7258
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1811 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1810 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1809 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1808 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1807 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1806 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d28f4780-367e-4ca9-8f5b-bd6ade650d0a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1805 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9cc5c75e-842d-4587-81d0-36f18f27e45a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1804 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ecf0d5ea-90bc-4be6-bd98-681692c025a1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1803 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1802 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1801 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1800 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1799 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1798 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1797 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1796 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=06bbb8d6-9feb-4eaa-b720-8bd7a66cb521
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1795 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9cc5c75e-842d-4587-81d0-36f18f27e45a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1794 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1793 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1792 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1791 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1790 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1789 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dd6513d-c449-4c06-b3b9-8405594320f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1788 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee515b75-00b7-4c63-872c-908dc396f9a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1787 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=18216c2c-07df-4619-bca9-fb443fd9ac65
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1786 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=18216c2c-07df-4619-bca9-fb443fd9ac65
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1785 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1784 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1783 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1782 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1781 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1780 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=95622be6-36dd-48d2-b85f-f21c397e42c2
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABFAG4AYQBiAGwAZQAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1779 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d30a015-3c82-4009-9954-431e38d44262
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1778 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2d30a015-3c82-4009-9954-431e38d44262
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1777 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1776 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1775 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1774 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1773 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1772 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1771 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1770 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6a9da261-e69f-4242-b4e7-e5a7d97d863b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1769 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ee515b75-00b7-4c63-872c-908dc396f9a5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1768 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1767 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1766 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1765 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1764 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1763 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbcce450-b89f-4c0a-b2a6-5159e9aff369
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1762 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22f3b0d8-f987-4c4e-b086-b9d0edd7c67a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1761 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=8bd6adac-1ac9-458a-9e9d-632ce7308697
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1760 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=5.1.14393.1944
RunspaceId=8bd6adac-1ac9-458a-9e9d-632ce7308697
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1759 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1758 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1757 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1756 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1755 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1754 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=88b957c0-142c-44e1-bd89-d627b3d51ffb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFYATQBTAHcAaQB0AGMAaABFAHgAdABlAG4AcwBpAG8AbgAgAC0AVgBNAFMAdwBpAHQAYwBoAE4AYQBtAGUAIABiAHIALQBkAGEAdABhACAALQBOAGEAbQBlACAAIgBDAGwAbwB1AGQAYgBhAHMAZQAgAE8AcABlAG4AIAB2AFMAdwBpAHQAYwBoACAARQB4AHQAZQBuAHMAaQBvAG4AIgA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1753 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=123623ea-6ce8-48aa-89ff-648f7405084c
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1752 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=123623ea-6ce8-48aa-89ff-648f7405084c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1751 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1750 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1749 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1748 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1747 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1746 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1745 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1744 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=05bfee32-7305-48d7-b72a-27e76fe9fa4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1743 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22f3b0d8-f987-4c4e-b086-b9d0edd7c67a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1742 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1741 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1740 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1739 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1738 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1737 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7fee8c3d-0c64-4424-a6ef-9079ddedf094
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1736 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=37
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55261a1b-ba52-4aca-ae8a-2a01621169be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1735 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:52:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=35
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8adc687-0976-4f08-b456-c40328251c40
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1734 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition @"
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8adc687-0976-4f08-b456-c40328251c40
PipelineId=7
ScriptName=
CommandLine=Add-Type -TypeDefinition @"
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="public enum LocationType {
Empty,
Local,
Unc,
Http
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1733 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8adc687-0976-4f08-b456-c40328251c40
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1732 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1731 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1730 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1729 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1728 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1727 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1726 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1725 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1dc598a5-77bb-4ef3-a00a-b0ffdaaf0965
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1724 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55261a1b-ba52-4aca-ae8a-2a01621169be
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1723 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1722 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1721 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1720 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1719 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1718 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c8be2784-4d57-44c6-aee6-618e1a1aebfc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1717 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ed7a5a23-1ee7-4415-93e8-42cfc238a238
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1716 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=5.1.14393.1944
RunspaceId=57ea17bb-addb-4a80-ac1d-dcf43d31c354
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1715 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=5.1.14393.1944
RunspaceId=57ea17bb-addb-4a80-ac1d-dcf43d31c354
PipelineId=4
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1714 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=5.1.14393.1944
RunspaceId=57ea17bb-addb-4a80-ac1d-dcf43d31c354
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1713 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1712 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1711 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1710 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1709 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1708 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aff1d7af-61b3-4cd8-91ad-fb5556b223f3
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGMAZQByAHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBYADUAMAA5AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAC4AWAA1ADAAOQBDAGUAcgB0AGkAZgBpAGMAYQB0AGUAMgAoACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAbwB2AHMALQBjAGUAcgB0AGkAZgBpAGMAYQB0AGUALgBjAGUAcgAiACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABUAHIAdQBzAHQAZQBkAFAAdQBiAGwAaQBzAGgAZQByAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkACgAgACQAcgBvAG8AdABTAHQAbwByAGUAIAA9ACAARwBlAHQALQBJAHQAZQBtACAAYwBlAHIAdAA6AFwATABvAGMAYQBsAE0AYQBjAGgAaQBuAGUAXABSAG8AbwB0AAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4ATwBwAGUAbgAoACIAUgBlAGEAZABXAHIAaQB0AGUAIgApAAoAIAAkAHIAbwBvAHQAUwB0AG8AcgBlAC4AQQBkAGQAKAAkAGMAZQByAHQAKQAKACAAJAByAG8AbwB0AFMAdABvAHIAZQAuAEMAbABvAHMAZQAoACkA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1707 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8aa9549-930c-46d5-b795-9ed87672b9a4
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1706 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e8aa9549-930c-46d5-b795-9ed87672b9a4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1705 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1704 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1703 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1702 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1701 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1700 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1699 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1698 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e192bfd5-9f54-4533-8bec-59d15d5f6a9f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1697 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ed7a5a23-1ee7-4415-93e8-42cfc238a238
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1696 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1695 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1694 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1693 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1692 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1691 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=59cc925a-277f-4c28-96c8-0b071f64545c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1690 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64de32c8-dde7-44ca-b41f-fdbac8756191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1689 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=5.1.14393.1944
RunspaceId=633805a0-b130-4cdf-aa3f-f9585a9a5512
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1688 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=5.1.14393.1944
RunspaceId=633805a0-b130-4cdf-aa3f-f9585a9a5512
PipelineId=3
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1687 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=5.1.14393.1944
RunspaceId=633805a0-b130-4cdf-aa3f-f9585a9a5512
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1686 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1685 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1684 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1683 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1682 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1681 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=99de8178-9c6f-497d-a827-c19723fcb7d1
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAIAAkAGQAcgBpAHYAZQByAEYAaQBsAGUAIAA9ACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABvAHYAcwAuAG0AcwBpACIACgAgACQAbwB1AHQAcAB1AHQARgBpAGwAZQAgAD0AIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAG8AdgBzAC0AYwBlAHIAdABpAGYAaQBjAGEAdABlAC4AYwBlAHIAIgAKACAAJABlAHgAcABvAHIAdABUAHkAcABlACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFgANQAwADkAQwBlAHIAdABpAGYAaQBjAGEAdABlAHMALgBYADUAMAA5AEMAbwBuAHQAZQBuAHQAVAB5AHAAZQBdADoAOgBDAGUAcgB0AAoAIAAkAGMAZQByAHQAIAA9ACAAKABHAGUAdAAtAEEAdQB0AGgAZQBuAHQAaQBjAG8AZABlAFMAaQBnAG4AYQB0AHUAcgBlACAAJABkAHIAaQB2AGUAcgBGAGkAbABlACkALgBTAGkAZwBuAGUAcgBDAGUAcgB0AGkAZgBpAGMAYQB0AGUACgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFcAcgBpAHQAZQBBAGwAbABCAHkAdABlAHMAKAAkAG8AdQB0AHAAdQB0AEYAaQBsAGUALAAgACQAYwBlAHIAdAAuAEUAeABwAG8AcgB0ACgAJABlAHgAcABvAHIAdABUAHkAcABlACkAKQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1680 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=38fdaaaa-1dc5-4cac-bc22-e8bb8b9f95b2
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1679 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=38fdaaaa-1dc5-4cac-bc22-e8bb8b9f95b2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1678 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1677 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1676 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1675 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1674 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1673 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1672 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1671 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d9281441-f4d5-4375-809e-e4b5a765b08a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1670 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=64de32c8-dde7-44ca-b41f-fdbac8756191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1669 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1668 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1667 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1666 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1665 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1664 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6c5ed31a-3c2b-47f6-a53e-cb0e29e0ccd6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1663 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a83ef606-12d7-462b-a988-893c48efb0db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1662 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0b5cc7ab-1c8a-4048-9000-31974aa4de26
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1661 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0b5cc7ab-1c8a-4048-9000-31974aa4de26
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1660 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1659 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1658 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1657 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1656 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1655 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1654 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1653 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=274fe3ff-d798-4c7c-9525-03e9976e4620
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1652 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a83ef606-12d7-462b-a988-893c48efb0db
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1651 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1650 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1649 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1648 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1647 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1646 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fbfa3030-af1c-4e49-bbca-5cc70a62e3e5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1645 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56a8438f-36f1-463d-b873-18bc9ee02b4a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1644 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=47a529a4-0ca8-4e86-909e-633518b3851a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1643 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=5.1.14393.1944
RunspaceId=47a529a4-0ca8-4e86-909e-633518b3851a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1642 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1641 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1640 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1639 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1638 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1637 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c3001ce2-d42e-496d-aee2-b07b1467bc56
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIAAoAGcAYwAgAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAYgB1AGkAbABkAFwAXAByAGUAcQB1AGkAcgBlAG0AZQBuAHQAcwBcAFwAdQBwAHAAZQByAC0AYwBvAG4AcwB0AHIAYQBpAG4AdABzAC4AdAB4AHQAKQAgAC0AcgBlAHAAbABhAGMAZQAgACIAXgB5AGEAcABwAGkALgAqACIALAAgACIAeQBhAHAAcABpAD0APQA9ADEALgAwACIAIAB8ACAAUwBlAHQALQBDAG8AbgB0AGUAbgB0ACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAXABcAHIAZQBxAHUAaQByAGUAbQBlAG4AdABzAFwAXAB1AHAAcABlAHIALQBjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1636 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d4be02a3-1442-4845-8a72-1d38e1e20132
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1635 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d4be02a3-1442-4845-8a72-1d38e1e20132
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1634 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1633 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1632 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1631 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1630 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1629 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1628 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1627 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3f2d1be-a20e-4850-bee5-4f660a26b293
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1626 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56a8438f-36f1-463d-b873-18bc9ee02b4a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1625 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1624 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1623 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1622 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1621 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1620 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=631c219f-3af5-48b9-9fac-c301b525fda9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1619 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=571a603d-b588-472e-8d3d-e2eae98bb994
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1618 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1ac5d40f-3cc8-45e5-811a-9f11b342fb28
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1617 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1ac5d40f-3cc8-45e5-811a-9f11b342fb28
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1616 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1615 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1614 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1613 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1612 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1611 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6e69d419-20d4-4269-abbe-ff909a2cefb2
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1610 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=571a603d-b588-472e-8d3d-e2eae98bb994
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1609 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1608 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1607 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1606 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1605 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1604 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=487c6fc0-7eaa-4904-be05-f0b3f671a6bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAGcAQQB5AEEARABrAEEATwBRAEEAdQBBAEQAZwBBAE0AdwBBAHQAQQBEAEkAQQBNAHcAQQA1AEEARABBAEEATgBBAEEAMwBBAEQASQBBAE0AUQBBAHkAQQBEAGMAQQBNAEEAQQB5AEEARABnAEEATQBnAEEAeABBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1603 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a7c6e400-4b6c-4ce7-96e5-2b05d13216c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1602 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ac233d3c-091f-4b6f-8cf2-718fc83d432d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1601 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1600 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1599 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1598 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1597 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1596 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1595 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1594 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e421d63b-d452-4cae-a70b-2452cbaf4fc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1593 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a7c6e400-4b6c-4ce7-96e5-2b05d13216c0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1592 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1591 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1590 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1589 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1588 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1587 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a04e81b2-9f9b-4ed5-9ccd-f00fd2b7a40c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1586 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8d4d725d-4bcf-4031-b58e-7cde6093791f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1585 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8d4d725d-4bcf-4031-b58e-7cde6093791f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1584 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1583 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1582 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1581 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1580 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1579 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3e2b6dfa-c667-49d8-b24f-6140264119e8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANgAyADkAOQAuADgAMwAtADIAMwA5ADAANAA3ADIAMQAyADcAMAAyADgAMgAxAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1578 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=ac9720d7-05cf-49f6-9b29-61e8ec795f4d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1577 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1805a4cf-a294-40a6-b0cc-ee1bfea924eb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1576 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=1805a4cf-a294-40a6-b0cc-ee1bfea924eb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1575 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1574 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1573 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1572 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1571 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1570 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b7caa85b-6288-4536-9914-2dc2c019b4f5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA2ADIAOQA5AC4AOAAzAC0AMgAzADkAMAA0ADcAMgAxADIANwAwADIAOAAyADEAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1569 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=ac9720d7-05cf-49f6-9b29-61e8ec795f4d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1568 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1567 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1566 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1565 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1564 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1563 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0ce19a7b-a3e1-4d96-aedd-36033b560bab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADIAQQBEAEkAQQBPAFEAQQA1AEEAQwA0AEEATwBBAEEAegBBAEMAMABBAE0AZwBBAHoAQQBEAGsAQQBNAEEAQQAwAEEARABjAEEATQBnAEEAeABBAEQASQBBAE4AdwBBAHcAQQBEAEkAQQBPAEEAQQB5AEEARABFAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1562 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d039739-c109-4bdd-8987-e5d438b49bf5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1561 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0fb9f645-e013-49e1-8722-72ad9b3af200
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1560 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1559 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1558 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1557 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1556 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1555 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1554 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1553 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6b424547-d1a3-4cce-8fa0-46aa4ce17c51
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1552 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7d039739-c109-4bdd-8987-e5d438b49bf5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1551 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1550 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1549 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1548 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1547 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1546 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19e0ba2d-0f77-4d4a-9ed5-cf55ac3a64ac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1545 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b0cf1709-2c10-41bf-b406-0caba4ee7240
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1544 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=5.1.14393.1944
RunspaceId=7a58bcb3-6d06-4938-9d30-cb8ccbd10627
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1543 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:51:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=5.1.14393.1944
RunspaceId=7a58bcb3-6d06-4938-9d30-cb8ccbd10627
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1542 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1541 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1540 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1539 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1538 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1537 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e4cb42a2-be8e-4ea4-ae5a-714c81302383
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABwAHkAdABoAG8AbgAyADcAXABzAGMAcgBpAHAAdABzAFwAegB1AHUAbAAtAGMAbABvAG4AZQByACAALQAtAHcAbwByAGsAcwBwAGEAYwBlACAAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXABiAHUAaQBsAGQAIAAtAG0AIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAGIAdQBpAGwAZABcAFwAYwBsAG8AbgBlAG0AYQBwAC4AeQBhAG0AbAAgAC0ALQB6AHUAdQBsAC0AcAByAG8AagBlAGMAdAAgAG8AcABlAG4AcwB0AGEAYwBrAC8AbgBvAHYAYQAgAC0ALQB6AHUAdQBsAC0AcgBlAGYAIAByAGUAZgBzAC8AegB1AHUAbAAvAG0AYQBzAHQAZQByAC8AWgAwADAANABkAGUAZQBlADAAYgBiADYAYQA0ADEAZAA0AGIAZgBlAGQAOAAxADcAYQAzADgANAA5AGIAZAA0ADEAIAAtAC0AegB1AHUAbAAtAHUAcgBsACAAaAB0AHQAcAA6AC8ALwAxADAALgAxADAANgAuADEALgAzADkALwBwACAALQAtAHoAdQB1AGwALQBiAHIAYQBuAGMAaAAgAG0AYQBzAHQAZQByACAAaAB0AHQAcABzADoALwAvAG8AcABlAG4AZABlAHYALgBvAHIAZwAgAG8AcABlAG4AcwB0AGEAYwBrAC8AcgBlAHEAdQBpAHIAZQBtAGUAbgB0AHMAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AbwB2AGEAIABvAHAAZQBuAHMAdABhAGMAawAvAG4AZQB1AHQAcgBvAG4AIABvAHAAZQBuAHMAdABhAGMAawAvAG8AcwAtAHcAaQBuACAAbwBwAGUAbgBzAHQAYQBjAGsALwBuAGUAdAB3AG8AcgBrAGkAbgBnAC0AaAB5AHAAZQByAHYA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1536 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89049188-6271-4ed6-bcfd-a9fc0e3767de
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1535 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=89049188-6271-4ed6-bcfd-a9fc0e3767de
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1534 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1533 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1532 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1531 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1530 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1529 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1528 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1527 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e51d79ef-5460-408e-b40a-78418105bb6d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1526 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b0cf1709-2c10-41bf-b406-0caba4ee7240
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1525 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1524 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1523 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1522 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1521 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1520 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9a7dd20c-a9b3-44e2-ab47-e15092c12178
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1519 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3a9ca2ca-8036-47e6-99e9-55b03c9f76f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1518 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9b926411-8d3a-4f73-b20e-ebf7db93fb82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1517 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=9b926411-8d3a-4f73-b20e-ebf7db93fb82
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1516 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1515 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1514 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1513 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1512 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1511 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=648a29df-68ab-408c-bbfc-e074fca0c7ad
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1510 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=3a9ca2ca-8036-47e6-99e9-55b03c9f76f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1509 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1508 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1507 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1506 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1505 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1504 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=353ca0e4-7c7e-4e1c-b0aa-4cfbd78df30b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQA1AEEARABVAEEATQBnAEEAdQBBAEQAZwBBAE4AUQBBAHQAQQBEAEkAQQBNAFEAQQAzAEEARABrAEEATwBRAEEAMwBBAEQASQBBAE0AQQBBAHoAQQBEAFEAQQBOAGcAQQAxAEEARABVAEEATgBBAEEAdwBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1503 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b5342c49-62da-422d-be08-141e31d91d86
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1502 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77098c8a-9c4e-4a71-98e1-c03b1c1c5655
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1501 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1500 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1499 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1498 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1497 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1496 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1495 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1494 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c6fac544-10d8-4417-943a-283e758f4a7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1493 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b5342c49-62da-422d-be08-141e31d91d86
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1492 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1491 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1490 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1489 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1488 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1487 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4b2f554e-380d-44d9-97ec-11d1ec15d730
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1486 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8a7df1f0-5304-4adc-b33e-ee0f50c3910f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1485 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=8a7df1f0-5304-4adc-b33e-ee0f50c3910f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1484 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1483 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1482 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1481 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1480 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1479 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5321e0c6-bffb-43ef-8509-dc0e37967b0d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA5ADUAMgAuADgANQAtADIAMQA3ADkAOQA3ADIAMAAzADQANgA1ADUANAAwAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1478 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=c9ae2f84-4e08-44d1-9c5f-c1b85edb3ed7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1477 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=bdbb65ea-eb7d-47c2-b505-547ec610ffa9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1476 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=bdbb65ea-eb7d-47c2-b505-547ec610ffa9
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1475 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1474 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1473 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1472 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1471 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1470 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=34e8b023-4d04-4c6d-a4b7-1a1e6827a9fd
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADkANQAyAC4AOAA1AC0AMgAxADcAOQA5ADcAMgAwADMANAA2ADUANQA0ADAAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1469 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=c9ae2f84-4e08-44d1-9c5f-c1b85edb3ed7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1468 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1467 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1466 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1465 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1464 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1463 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2479bf0b-af66-493f-825c-571e55e50902
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGsAQQBOAFEAQQB5AEEAQwA0AEEATwBBAEEAMQBBAEMAMABBAE0AZwBBAHgAQQBEAGMAQQBPAFEAQQA1AEEARABjAEEATQBnAEEAdwBBAEQATQBBAE4AQQBBADIAQQBEAFUAQQBOAFEAQQAwAEEARABBAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1462 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a91e73d8-b50b-475e-a1d3-7d8c7a8fb535
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1461 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a056db0-ed5f-4b86-8338-990167a9a4e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1460 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1459 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1458 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1457 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1456 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1455 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1454 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1453 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b13a06a1-184f-4ba6-a09e-80a5450df70a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1452 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a91e73d8-b50b-475e-a1d3-7d8c7a8fb535
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1451 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1450 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1449 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1448 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1447 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1446 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cde41fd0-814e-4df1-a1a2-5c294167f05c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1445 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d7da1fc-d545-428a-accc-29d4a3cfb793
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1444 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=03925bb7-b0d6-498b-8cdd-1dd7a2f9ff04
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1443 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1442 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1441 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1440 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1439 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1438 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1437 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1436 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=964d3388-60e6-48ab-b962-a6252be90638
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1435 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d7da1fc-d545-428a-accc-29d4a3cfb793
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1434 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1433 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1432 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1431 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1430 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1429 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3d0d0142-3e8d-428d-b7e9-8a52a62e6103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1428 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c841e2f1-7c7c-4a01-b82b-8babc95e1949
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1427 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:45:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=33ae5b56-77db-4106-a45a-d04780c9d374
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1426 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=33ae5b56-77db-4106-a45a-d04780c9d374
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1425 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1424 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1423 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1422 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1421 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1420 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1419 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1418 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=c21a39ff-2718-4d74-953f-6e25e54177ea
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1417 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c841e2f1-7c7c-4a01-b82b-8babc95e1949
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1416 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1415 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1414 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1413 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1412 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1411 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dbe7a500-b264-42cc-ba5f-c165da5ca603
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1410 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc0e3115-388d-48d9-8cd3-fab61b30d430
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1409 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25e9cfc3-e319-416a-8047-7cd67384ff47
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1408 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=25e9cfc3-e319-416a-8047-7cd67384ff47
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1407 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1406 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1405 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1404 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1403 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1402 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1401 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1400 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6568f9fb-2718-46bf-821c-092a9b9440c3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1399 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fc0e3115-388d-48d9-8cd3-fab61b30d430
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1398 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1397 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1396 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1395 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1394 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1393 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8f663dae-3b42-47a4-bd43-2f61fa589869
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1392 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7801b3a8-4ac9-4112-b827-37ddce717496
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1391 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=55fd4f57-5fb7-48b8-9c83-bdf9aa1e97ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1390 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1389 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1388 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1387 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1386 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1385 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1384 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1383 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9e646ea4-dd01-49b6-8d8e-23807167d9d1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1382 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7801b3a8-4ac9-4112-b827-37ddce717496
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1381 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1380 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1379 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1378 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1377 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1376 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fd8ade4b-5998-4ca2-b5e8-e60b8cf21b34
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1375 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:44:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cbaa4ad9-bda3-442d-acb4-c02c950c3866
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1374 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=e6cdcbac-ae9b-4a14-a8e3-b1217d37f504
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1373 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=e6cdcbac-ae9b-4a14-a8e3-b1217d37f504
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1372 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1371 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1370 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1369 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1368 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1367 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=19b5a9ca-35dc-41ef-92d0-e07ada6579b5
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAtAHIAZQBjAHUAcgBzAGUAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAIgAgAGMAOgBcAHcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQAzADIAXABXAGkAbgBkAG8AdwBzAFAAbwB3AGUAcgBTAGgAZQBsAGwAXAB2ADEALgAwAFwATQBvAGQAdQBsAGUAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1366 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=512a3027-093a-4ba8-be1f-9f2aed9b71e0
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1365 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=512a3027-093a-4ba8-be1f-9f2aed9b71e0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1364 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1363 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1362 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1361 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1360 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1359 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1358 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1357 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=caefbe9a-3850-4bb4-b566-ec804fc700c4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1356 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=cbaa4ad9-bda3-442d-acb4-c02c950c3866
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1355 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1354 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1353 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1352 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1351 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1350 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=144f37e2-bf68-4689-8b70-9b534ef10c98
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1349 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63d9ee5f-b3fc-434d-99ea-0247e5187131
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1348 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=943c9fcd-e999-4ec4-abc8-39c1dfe1cb9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1347 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=5.1.14393.1944
RunspaceId=943c9fcd-e999-4ec4-abc8-39c1dfe1cb9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1346 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1345 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1344 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1343 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1342 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1341 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0d71ec26-52c6-4c22-a5c3-ec04b4cc5b89
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjAHAAIAAiAGMAOgBcAG8AcABlAG4AcwB0AGEAYwBrAFwAdABtAHAAXABcAEYAcgBlAGUAUgBEAFAAXABcACoAIgAgAGMAOgBcAFwAdwBpAG4AZABvAHcAcwA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1340 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9c6df061-b91d-4802-bf61-04c70d91665e
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1339 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9c6df061-b91d-4802-bf61-04c70d91665e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1338 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1337 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1336 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1335 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1334 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1333 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1332 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1331 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6fbe08f7-b386-434b-b347-672d81333892
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1330 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=63d9ee5f-b3fc-434d-99ea-0247e5187131
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1329 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1328 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1327 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1326 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1325 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1324 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=66a1c70f-65a7-4a75-808c-7800256a7be6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1323 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e8d27f2-a903-438e-9866-1c9a6f62914d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1322 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=97859e9f-ac41-4098-8eaf-fcbbdc9b1756
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1321 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=97859e9f-ac41-4098-8eaf-fcbbdc9b1756
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1320 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1319 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1318 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1317 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1316 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1315 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1314 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1313 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e3838b02-a9f6-4d8a-b7ef-4c529dc317ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1312 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9e8d27f2-a903-438e-9866-1c9a6f62914d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1311 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1310 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1309 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1308 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1307 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1306 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=904dd324-a811-481b-b9e6-f781f4fce538
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1305 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14cb6b0f-fdcb-4428-b799-c44e95620c2e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1304 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5a484c22-8503-4f25-af3e-888a2a92320a
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1303 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5a484c22-8503-4f25-af3e-888a2a92320a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1302 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1301 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1300 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1299 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1298 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1297 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1296 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1295 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5f3b814a-7180-45e5-91fe-7da47660935e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1294 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=14cb6b0f-fdcb-4428-b799-c44e95620c2e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1293 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1292 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1291 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1290 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1289 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1288 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0a14ae53-8709-4ba5-8ce2-5b5528d8c60a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1287 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a3d075f5-223f-4c83-98f2-0afabc498d5b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1286 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5c1a00af-264d-4f44-a44f-f62fef70f778
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1285 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1284 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1283 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1282 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1281 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1280 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1279 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1278 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2203ef21-e8b4-4248-b3e4-6d843867f70b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1277 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a3d075f5-223f-4c83-98f2-0afabc498d5b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1276 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1275 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1274 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1273 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1272 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1271 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0156822-8f9c-45db-a03a-c672de931f35
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1270 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7de80af-c4f5-410a-b5c0-596eedf1f43c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1269 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=03f9978b-d9d2-4fc4-8e12-00432015072a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1268 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=5.1.14393.1944
RunspaceId=03f9978b-d9d2-4fc4-8e12-00432015072a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1267 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1266 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1265 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1264 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1263 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1262 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e9345dff-6c5c-41a1-9bb3-6911bfcaa673
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAdgBjAHIAZQBkAGkAcwB0AF8AeAA4ADYALgBlAHgAZQAgAC8AcQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1261 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22bffd41-37c8-4943-9d1c-dadfe41fec08
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1260 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:44 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22bffd41-37c8-4943-9d1c-dadfe41fec08
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1259 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1258 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1257 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1256 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1255 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1254 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1253 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1252 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72864fcc-7224-4cbb-a388-fad8888a1c71
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1251 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b7de80af-c4f5-410a-b5c0-596eedf1f43c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1250 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1249 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1248 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1247 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1246 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1245 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=5fa8bde1-afb7-4336-bc36-0cf1b5d5c7a0
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1244 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:43 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a891784c-c853-4aa1-8b12-cd3310420d28
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1243 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=32d4f7bc-ed72-49af-a639-43a15893e5d5
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1242 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=32d4f7bc-ed72-49af-a639-43a15893e5d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1241 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1240 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1239 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1238 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1237 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1236 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1235 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1234 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b963b312-a556-4173-9f34-c427f9caa337
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1233 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a891784c-c853-4aa1-8b12-cd3310420d28
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1232 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1231 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1230 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1229 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1228 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1227 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=54128220-14a6-4c8e-92da-e05613120a40
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1226 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a2d1d4b-fab8-487a-9af6-5db82f872a3b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1225 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6038e256-39a2-49f5-a227-ea58044a1abb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1224 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1223 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1222 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1221 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1220 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1219 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1218 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1217 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f23cdd41-8e1d-452a-b609-ca771a46c786
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1216 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0a2d1d4b-fab8-487a-9af6-5db82f872a3b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1215 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1214 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1213 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1212 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1211 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1210 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=2ddf835c-d6d4-4222-8f97-a0fab5180449
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1209 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43155834-15a7-4ecc-864b-42cdba605346
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1208 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=b4d1b35c-edc2-4262-bcbe-8e5ede68c78d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1207 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=5.1.14393.1944
RunspaceId=b4d1b35c-edc2-4262-bcbe-8e5ede68c78d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1206 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1205 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1204 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1203 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1202 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1201 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=da07db90-289e-48e0-83f4-6a3e414a9d67
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAAVwBpAG4AMwAyAF8AUAByAG8AZAB1AGMAdAAgAC0ARgBpAGwAdABlAHIAIAAiAE4AYQBtAGUAIABMAEkASwBFACAAJwAlAFYAaQBzAHUAYQBsACAAQwArACsAIAAyADAAMQAyACAAeAA4ADYAJQAnACIA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1200 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5dc35798-68a5-476b-8678-0bec42fe5622
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1199 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5dc35798-68a5-476b-8678-0bec42fe5622
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1198 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1197 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1196 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1195 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1194 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1193 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1192 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1191 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=7df0a18d-aa4e-4346-8c50-77031aa807c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1190 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=43155834-15a7-4ecc-864b-42cdba605346
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1189 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1188 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1187 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1186 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1185 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1184 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e20ff1-45ab-4c27-a79e-e7a0df92e0da
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1183 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c126f35f-e379-401c-88b9-4cbc50a586bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1182 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6199877f-82a5-43e6-856b-836e839519e3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1181 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1180 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1179 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1178 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1177 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1176 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1175 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1174 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ec2a5b8-60d2-4cd1-b5f6-6a6f5d42c598
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1173 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c126f35f-e379-401c-88b9-4cbc50a586bc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1172 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1171 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1170 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1169 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1168 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1167 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f66c9411-c6f0-4016-a496-703a59233555
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1166 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:33 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d0dfc47-11c5-4835-a8a0-36314f9d21fd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1165 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:43:32 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=3b90ace5-8804-4e9a-ac4b-af5012f5c1e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1164 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=5.1.14393.1944
RunspaceId=3b90ace5-8804-4e9a-ac4b-af5012f5c1e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1163 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1162 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1161 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1160 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1159 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1158 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=33329bed-d726-4ee7-a297-d7c96c6522bb
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAZwBpAHQALQBpAG4AcwB0AGEAbABsAGUAcgAuAGUAeABlACAALwBzAGkAbABlAG4AdAA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1157 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ced30a1-5a37-447a-a891-c9cbac4da9a3
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1156 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8ced30a1-5a37-447a-a891-c9cbac4da9a3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1155 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1154 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1153 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1152 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1151 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1150 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1149 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1148 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=b5651b84-2cce-4e0f-b46b-073b85e8ad4d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1147 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1d0dfc47-11c5-4835-a8a0-36314f9d21fd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1146 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1145 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1144 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1143 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1142 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1141 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9c004d59-99d5-4d17-8755-3a4709cdf10d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1140 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f491ae49-0896-4401-b09d-669987fda8d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1139 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2f2719f9-e258-4b24-82cf-7daf28231c9a
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1138 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2f2719f9-e258-4b24-82cf-7daf28231c9a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1137 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1136 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1135 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1134 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1133 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1132 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1131 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1130 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=606a441a-017c-4790-9843-2520e6e6bb0c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1129 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:42 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f491ae49-0896-4401-b09d-669987fda8d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1128 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1127 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1126 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1125 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1124 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1123 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=07ac7567-7ec5-47cb-ad3d-d760b53212c8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1122 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:41 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa63d299-ea0b-4c8c-98bf-797e3dfbdbc7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1121 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0296306e-e90a-417f-bf60-b17f27d5824c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1120 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1119 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1118 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1117 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1116 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1115 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1114 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1113 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fcde30e4-649e-46a4-970a-b186601208a7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1112 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=aa63d299-ea0b-4c8c-98bf-797e3dfbdbc7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1111 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:40 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1110 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1109 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1108 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1107 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1106 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=25b7ccd6-1774-4b05-96f9-b45cd7e3fd4e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1105 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=f7415dda-4ca3-465b-9dbc-ed829f7d41d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1104 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c0ea6d3f-8e47-44fb-b322-badd241637e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1103 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=c0ea6d3f-8e47-44fb-b322-badd241637e6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1102 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1101 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1100 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1099 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1098 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1097 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=0b046930-56ae-41af-82c2-02d5b98a1693
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1096 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:39 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=f7415dda-4ca3-465b-9dbc-ed829f7d41d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1095 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1094 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1093 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1092 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1091 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1090 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=04f093f9-b582-4f67-b928-bf6a232de80d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABVAEEATgBnAEEAdQBBAEQARQBBAE8AUQBBAHQAQQBEAE0AQQBNAFEAQQB6AEEARABjAEEATgBRAEEANQBBAEQAWQBBAE8AQQBBADEAQQBEAFkAQQBOAGcAQQB3AEEARABnAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1089 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ac669081-e49e-4de3-a8f5-f3c3c14b1e35
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1088 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a1f76354-19ac-46e9-b90e-7f078f01b64a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1087 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1086 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1085 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1084 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1083 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1082 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1081 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1080 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=864b11fb-edce-4b9f-a619-75a6e75ff9be
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1079 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ac669081-e49e-4de3-a8f5-f3c3c14b1e35
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1078 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1077 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1076 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1075 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1074 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1073 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1306e7c6-4b07-4690-ac9c-c0bb63388b05
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1072 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e2bbc5a5-d0d5-45e5-b361-32f42088b09e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1071 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=e2bbc5a5-d0d5-45e5-b361-32f42088b09e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1070 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1069 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1068 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1067 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1066 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1065 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ac7a3af1-6f7b-43c1-aa44-05fd210f6668
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADUANgAuADEAOQAtADMAMQAzADcANQA5ADYAOAA1ADYANgAwADgAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1064 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=b2cf54b3-2067-4787-9f89-fd84a6bef3ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1063 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=2c87232f-d59e-4be0-8603-9423ad1aab85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1062 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=2c87232f-d59e-4be0-8603-9423ad1aab85
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1061 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1060 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1059 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1058 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1057 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1056 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e8b536d-9635-4e5b-b98c-9c574b4056ef
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcANQA2AC4AMQA5AC0AMwAxADMANwA1ADkANgA4ADUANgA2ADAAOAAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1055 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=b2cf54b3-2067-4787-9f89-fd84a6bef3ec
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1054 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1053 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1052 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1051 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1050 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1049 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3892f96f-8406-48c2-a07a-0e7e690444bd
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBOAFEAQQAyAEEAQwA0AEEATQBRAEEANQBBAEMAMABBAE0AdwBBAHgAQQBEAE0AQQBOAHcAQQAxAEEARABrAEEATgBnAEEANABBAEQAVQBBAE4AZwBBADIAQQBEAEEAQQBPAEEAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1048 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c33923f1-6d78-4255-93b8-5c19df684a6a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1047 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7ef14434-2f02-4cbf-b19e-b54bc550881f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1046 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1045 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1044 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1043 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1042 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1041 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1040 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1039 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=52f0d684-1e22-4b2b-a418-5b7ed9f76aa2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1038 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c33923f1-6d78-4255-93b8-5c19df684a6a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1037 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1036 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1035 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1034 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1033 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1032 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e0d0f425-1344-4254-95fa-ba942c565960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1031 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=344417b5-85b3-4864-b4f7-4e738134b461
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1030 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=973eb9cd-112f-4dd0-896b-2f4a413433f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1029 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=5.1.14393.1944
RunspaceId=973eb9cd-112f-4dd0-896b-2f4a413433f0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1028 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1027 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1026 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1025 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1024 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1023 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=35417289-5bae-4b2f-aa51-a8fdd019a075
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABwAHkAdABoAG8AbgAgACIAYwA6AFwAbwBwAGUAbgBzAHQAYQBjAGsAXAB0AG0AcABcAFwAZwBlAHQALQBwAGkAcAAuAHAAeQAiACAALQBjACAAIgBjADoAXABvAHAAZQBuAHMAdABhAGMAawBcAHQAbQBwAFwAXABjAG8AbgBzAHQAcgBhAGkAbgB0AHMALgB0AHgAdAAiACAAcABpAHAA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1022 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9297295b-5ee1-4e9a-a58a-02d4ba930191
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 1021 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9297295b-5ee1-4e9a-a58a-02d4ba930191
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1020 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1019 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1018 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1017 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1016 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1015 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1014 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1013 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=72ee371e-3cf4-4853-9972-f3e3d9d1a57a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1012 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=344417b5-85b3-4864-b4f7-4e738134b461
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1011 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1010 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1009 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1008 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1007 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1006 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=dccb1332-078e-45eb-9229-3146c9fabffc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1005 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=1f75b1b5-31dc-4fe0-b321-ecd20c90fd9a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1004 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=9afc4a2d-802b-4533-9381-02b1cfdb068b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 1003 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=9afc4a2d-802b-4533-9381-02b1cfdb068b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 1002 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1001 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1000 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 999 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 998 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 997 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b0371767-d062-4339-9aee-b5ad96cd3c35
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 996 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=1f75b1b5-31dc-4fe0-b321-ecd20c90fd9a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 995 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 994 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 993 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 992 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 991 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 990 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6dada4ca-c37d-4624-bb52-265b5df68195
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAzAEEARABNAEEATQBRAEEAdQBBAEQAWQBBAE8AQQBBAHQAQQBEAGMAQQBNAEEAQQAzAEEARABRAEEATgBRAEEAdwBBAEQAUQBBAE4AdwBBAHgAQQBEAFEAQQBOAFEAQQB3AEEARABFAEEATgB3AEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 989 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7df49b3e-c860-4ab2-968c-2f9d97510b4d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 988 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2b3b84b9-c9e7-4fe6-95a3-d1135a8a71f4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 987 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 986 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 985 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 984 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 983 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 982 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 981 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 980 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8d4c6412-5ee4-4a8a-bd30-c86b0ef39471
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 979 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7df49b3e-c860-4ab2-968c-2f9d97510b4d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 978 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 977 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 976 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 975 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 974 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 973 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c223dd38-40d4-43de-a59f-e9486bd47aac
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 972 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=dc89548b-edf8-4dfb-9c89-8613a48cc4d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 971 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=dc89548b-edf8-4dfb-9c89-8613a48cc4d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 970 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 969 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 968 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 967 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 966 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 965 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6a373eb4-642c-4734-8f94-517512784443
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA3ADMAMQAuADYAOAAtADcAMAA3ADQANQAwADQANwAxADQANQAwADEANwBcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 964 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=e67ec55f-dd6c-4af7-8889-5c02540914d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 963 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a1df41f2-9aec-467c-8acf-000c1aacedfa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 962 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=a1df41f2-9aec-467c-8acf-000c1aacedfa
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 961 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 960 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 959 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 958 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 957 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 956 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=179e5771-0333-40d0-b085-0c66a5b40c72
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADcAMwAxAC4ANgA4AC0ANwAwADcANAA1ADAANAA3ADEANAA1ADAAMQA3ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 955 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=e67ec55f-dd6c-4af7-8889-5c02540914d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 954 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 953 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 952 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 951 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 950 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 949 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d3601c83-8c6d-4835-b24b-7478e40256e3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAGMAQQBNAHcAQQB4AEEAQwA0AEEATgBnAEEANABBAEMAMABBAE4AdwBBAHcAQQBEAGMAQQBOAEEAQQAxAEEARABBAEEATgBBAEEAMwBBAEQARQBBAE4AQQBBADEAQQBEAEEAQQBNAFEAQQAzAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 948 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76b39f52-8940-41cd-bea9-d728ee600488
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 947 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=56a17671-a484-4ef0-aced-988503d8cb7e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 946 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 945 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 944 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 943 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 942 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 941 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 940 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 939 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=de5a4060-3afd-46b0-953f-60fdd9f785d9
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 938 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=76b39f52-8940-41cd-bea9-d728ee600488
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 937 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 936 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 935 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 934 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 933 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 932 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1e04b87-9e3c-4aa7-86f8-eeffce3040f8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 931 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c3601c8-1ce0-438c-b732-54f2d1784894
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 930 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f045ad87-4001-4308-ae58-7d25cb405439
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 929 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f045ad87-4001-4308-ae58-7d25cb405439
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 928 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 927 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 926 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 925 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 924 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 923 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 922 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 921 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=76c14b07-506a-47d4-83e0-83aa18bb9b7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 920 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=1c3601c8-1ce0-438c-b732-54f2d1784894
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 919 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 918 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 917 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 916 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 915 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 914 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7dbb9a30-a5e9-48c7-b0f6-dd6a63afa9f3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 913 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=606b2ef8-939d-423d-9206-eacdbe4612f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 912 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fb21e54a-a705-4aaa-8934-38886062e606
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 911 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 910 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 909 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 908 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 907 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 906 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 905 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 904 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d7006782-c233-4d35-9c67-db5f96768334
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 903 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=606b2ef8-939d-423d-9206-eacdbe4612f8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 902 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 901 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 900 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 899 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 898 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 897 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e1973687-19fd-4e81-bd33-87272dc7e5d5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 896 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e2eea477-dc2d-45da-b4e9-a8c3ee4f9aba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 895 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:42:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ea24c463-95f4-41a7-8b65-7da96485072b
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 894 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ea24c463-95f4-41a7-8b65-7da96485072b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 893 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 892 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 891 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 890 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 889 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 888 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 887 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 886 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70f1979c-c277-4770-a001-6809f485b066
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 885 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e2eea477-dc2d-45da-b4e9-a8c3ee4f9aba
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 884 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 883 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 882 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 881 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 880 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 879 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=aa50f2d7-6225-4874-aa56-899b9852a415
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 878 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=47aecd7c-cd88-47ea-a8b1-14dba8afa1d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 877 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3573d23-bcaa-4b53-a239-7d2eb28ab9d5
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 876 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b3573d23-bcaa-4b53-a239-7d2eb28ab9d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 875 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 874 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 873 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 872 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 871 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 870 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 869 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 868 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5fa0c254-8e77-4fc4-905c-a635fa0e7f8a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 867 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=47aecd7c-cd88-47ea-a8b1-14dba8afa1d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 866 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 865 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 864 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 863 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 862 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 861 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba5dc967-0882-4ae6-a23a-8621e862d24d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 860 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=10797129-473d-4603-9940-07f009ad660b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 859 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=0215a264-3d93-4568-a24f-f4432c231328
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 858 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 857 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 856 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 855 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 854 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 853 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 852 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 851 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=8ff5020a-b378-49a9-b6e5-e822a92d9631
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 850 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=10797129-473d-4603-9940-07f009ad660b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 849 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 848 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 847 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 846 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 845 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 844 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=964d3add-ef9d-45b5-b298-bea2268487a4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 843 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fe127bc0-c609-4530-a415-035bbae286bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 842 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9428eb71-5e27-4644-aadc-6719878aab63
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 841 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 840 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 839 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 838 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 837 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 836 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 835 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 834 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=07f5e279-272b-4477-98f5-fba15fc47305
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 833 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=fe127bc0-c609-4530-a415-035bbae286bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 832 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 831 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 830 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 829 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 828 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 827 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4126399e-3dc2-4ee9-bc0e-9e564f399b25
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 826 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c38e8993-c0ac-4c77-b6eb-7086930848d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 825 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.IO.Compression.FileSystem
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=492b39e2-a092-4715-a4af-ca9b0b515790
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.IO.Compression.FileSystem
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.IO.Compression.FileSystem"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 824 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=492b39e2-a092-4715-a4af-ca9b0b515790
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 823 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 822 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 821 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 820 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 819 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 818 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 817 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 816 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=9c7d0a3d-4b60-4285-9aa7-1bbaedb13a13
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 815 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c38e8993-c0ac-4c77-b6eb-7086930848d6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 814 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 813 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 812 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 811 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 810 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 809 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=49fec37b-3e1c-4261-954b-7479b3a35cab
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 808 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=94fe309e-2f59-49fd-893b-9ca5bd381d18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 807 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $webclient_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=af079932-bc55-4daf-80f3-eeeb916e2bcc
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $webclient_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value=" using System.Net;
public class ExtendedWebClient : WebClient {
public int Timeout;
public ExtendedWebClient() {
Timeout = 600000; // Default timeout value
}
protected override WebRequest GetWebRequest(System.Uri address) {
WebRequest request = base.GetWebRequest(address);
request.Timeout = Timeout;
return request;
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 806 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=af079932-bc55-4daf-80f3-eeeb916e2bcc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 805 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 804 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 803 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 802 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 801 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 800 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 799 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 798 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d978db4b-e0d8-43f6-87a2-fa0ab8358ef6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 797 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=94fe309e-2f59-49fd-893b-9ca5bd381d18
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 796 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 795 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 794 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 793 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 792 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 791 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea00089d-1732-4e05-9f4b-57297dc834cb
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 790 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=902c270b-7245-45bf-9d44-f3deb6416fd3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 789 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6f927f5e-481e-4f37-a557-76daa4b0b7e8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 788 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 787 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 786 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 785 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 784 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 783 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 782 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 781 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=697086cc-83ac-41a8-b2f6-b095ed939591
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 780 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=902c270b-7245-45bf-9d44-f3deb6416fd3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 779 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 778 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 777 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 776 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 775 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 774 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=39b4f308-2629-4e8a-ad10-16d48043460a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 773 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=0f6c5285-fa17-4b25-9186-60f83795e69e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 772 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=80f65c9d-b8fc-4cc4-8334-202fd14c81c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 771 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=80f65c9d-b8fc-4cc4-8334-202fd14c81c2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 770 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 769 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 768 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 767 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 766 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 765 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=53fa2e17-9155-4680-8b42-874237605f2e
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAIgAgAC0ARgBvAHIAYwBlACAALQBSAGUAYwB1AHIAcwBlADsACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 764 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=5.1.14393.1944
RunspaceId=0f6c5285-fa17-4b25-9186-60f83795e69e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 763 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 762 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 761 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 760 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 759 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 758 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6490091b-b556-46fd-9a43-993abfcb1dae
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAyAEEARABBAEEATQBnAEEAdQBBAEQAZwBBAE4AZwBBAHQAQQBEAFEAQQBNAEEAQQAxAEEARABZAEEATgBBAEEAegBBAEQATQBBAE0AQQBBADUAQQBEAE0AQQBOAFEAQQB3AEEARABjAEEASQBnAEEAZwBBAEMAMABBAFIAZwBCAHYAQQBIAEkAQQBZAHcAQgBsAEEAQwBBAEEATABRAEIAUwBBAEcAVQBBAFkAdwBCADEAQQBIAEkAQQBjAHcAQgBsAEEARABzAEEAQwBnAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBDADAAQQBiAGcAQgB2AEEASABRAEEASQBBAEEAawBBAEQAOABBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBKAEEARwBZAEEASQBBAEEAbwBBAEUAYwBBAFoAUQBCADAAQQBDADAAQQBWAGcAQgBoAEEASABJAEEAYQBRAEIAaABBAEcASQBBAGIAQQBCAGwAQQBDAEEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEEAdABBAEUAVQBBAGMAZwBCAHkAQQBHADgAQQBjAGcAQgBCAEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBGAE0AQQBhAFEAQgBzAEEARwBVAEEAYgBnAEIAMABBAEcAdwBBAGUAUQBCAEQAQQBHADgAQQBiAGcAQgAwAEEARwBrAEEAYgBnAEIAMQBBAEcAVQBBAEsAUQBBAGcAQQBIAHMAQQBJAEEAQgBsAEEASABnAEEAYQBRAEIAMABBAEMAQQBBAEoAQQBCAE0AQQBFAEUAQQBVAHcAQgBVAEEARQBVAEEAVwBBAEIASgBBAEYAUQBBAFEAdwBCAFAAQQBFAFEAQQBSAFEAQQBnAEEASAAwAEEASQBBAEIARgBBAEcAdwBBAGMAdwBCAGwAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAHgAQQBDAEEAQQBmAFEAQQBnAEEASAAwAEEA
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 757 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c927e438-96f8-412c-89f0-5a91b9ed2acf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 756 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7b7524a5-18f0-4c6f-bb20-0f70b22354ac
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 755 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 754 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 753 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 752 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 751 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 750 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 749 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 748 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=53119a78-fb76-42fe-bd04-0d68952912a8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 747 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c927e438-96f8-412c-89f0-5a91b9ed2acf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 746 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 745 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 744 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 743 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 742 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 741 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f342031-a4af-4558-927a-3c5ff4ec3268
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 740 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c9b0e6d2-5cad-4773-9c4f-10262d0eec33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 739 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=c9b0e6d2-5cad-4773-9c4f-10262d0eec33
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 738 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 737 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 736 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 735 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 734 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 733 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e7711fb4-e473-4894-86eb-00b3a5b9e0ee
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA2ADAAMgAuADgANgAtADQAMAA1ADYANAAzADMAMAA5ADMANQAwADcAXABzAG8AdQByAGMAZQAnAAoAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAEMAbwBuAHQAaQBuAHUAZQAiAAoAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQAgAD0AIAAiAFMAdABvAHAAIgAKAFMAZQB0AC0AUwB0AHIAaQBjAHQATQBvAGQAZQAgAC0AVgBlAHIAcwBpAG8AbgAgADIACgAkAGYAZAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4ARgBpAGwAZQBdADoAOgBDAHIAZQBhAHQAZQAoACQAcABhAHQAaAApAAoAJABzAGgAYQAxACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFMASABBADEAQwByAHkAcAB0AG8AUwBlAHIAdgBpAGMAZQBQAHIAbwB2AGkAZABlAHIAXQA6ADoAQwByAGUAYQB0AGUAKAApAAoAJABiAHkAdABlAHMAIAA9ACAAQAAoACkAIAAjAGkAbgBpAHQAaQBhAGwAaQB6AGUAIABmAG8AcgAgAGUAbQBwAHQAeQAgAGYAaQBsAGUAIABjAGEAcwBlAAoAfQAKAHAAcgBvAGMAZQBzAHMAIAB7AAoAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAaQBuAHAAdQB0ACkACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAAsACAAJABiAHkAdABlAHMALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGYAZAAuAFcAcgBpAHQAZQAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACkACgB9AAoAZQBuAGQAIAB7AAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0ARgBpAG4AYQBsAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABoAGEAcwBoACAAPQAgAFsAUwB5AHMAdABlAG0ALgBCAGkAdABDAG8AbgB2AGUAcgB0AGUAcgBdADoAOgBUAG8AUwB0AHIAaQBuAGcAKAAkAHMAaABhADEALgBIAGEAcwBoACkALgBSAGUAcABsAGEAYwBlACgAIgAtACIALAAgACIAIgApAC4AVABvAEwAbwB3AGUAcgBJAG4AdgBhAHIAaQBhAG4AdAAoACkACgAkAGYAZAAuAEMAbABvAHMAZQAoACkACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgACIAewAiACIAcwBoAGEAMQAiACIAOgAiACIAJABoAGEAcwBoACIAIgB9ACIACgB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 732 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f2b37d4f-2d10-441a-9a71-1a51c48f413d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 731 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e35b3dab-5f86-433f-98f7-77bd412d8dbd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 730 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 729 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 728 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 727 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 726 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 725 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 724 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 723 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=6ff0bbdb-4d55-4f2d-ad6b-a822d17c89c7
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 722 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f2b37d4f-2d10-441a-9a71-1a51c48f413d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 721 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 720 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 719 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 718 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 717 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 716 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=92d31e52-9006-41bc-99ca-d763fc4e2792
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 715 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=c07af064-256e-4bc8-9ec4-414a9a0a57d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 714 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=40a1b96c-483c-4b93-a7f0-76f31327f405
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 713 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=5.1.14393.1944
RunspaceId=40a1b96c-483c-4b93-a7f0-76f31327f405
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 712 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 711 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 710 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 709 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 708 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 707 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=91c4a5aa-21dd-4f0e-99b2-0ed9c11f7e81
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADYAMAAyAC4AOAA2AC0ANAAwADUANgA0ADMAMwAwADkAMwA1ADAANwAnAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAtAEkAbgBwAHUAdABPAGIAagBlAGMAdAAgACQAdABtAHAALgBGAHUAbABsAE4AYQBtAGUACgBJAGYAIAAoAC0AbgBvAHQAIAAkAD8AKQAgAHsAIABJAGYAIAAoAEcAZQB0AC0AVgBhAHIAaQBhAGIAbABlACAATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAAtAEUAcgByAG8AcgBBAGMAdABpAG8AbgAgAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAKQAgAHsAIABlAHgAaQB0ACAAJABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAH0AIABFAGwAcwBlACAAewAgAGUAeABpAHQAIAAxACAAfQAgAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 706 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=5.1.14393.1944
RunspaceId=c07af064-256e-4bc8-9ec4-414a9a0a57d1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 705 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 704 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 703 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 702 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 701 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 700 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a1a85d36-d44e-4c30-a3d5-f20ea273af8d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFkAQQBNAEEAQQB5AEEAQwA0AEEATwBBAEEAMgBBAEMAMABBAE4AQQBBAHcAQQBEAFUAQQBOAGcAQQAwAEEARABNAEEATQB3AEEAdwBBAEQAawBBAE0AdwBBADEAQQBEAEEAQQBOAHcAQQBuAEEAQQBvAEEAVgB3AEIAeQBBAEcAawBBAGQAQQBCAGwAQQBDADAAQQBUAHcAQgAxAEEASABRAEEAYwBBAEIAMQBBAEgAUQBBAEkAQQBBAHQAQQBFAGsAQQBiAGcAQgB3AEEASABVAEEAZABBAEIAUABBAEcASQBBAGEAZwBCAGwAQQBHAE0AQQBkAEEAQQBnAEEAQwBRAEEAZABBAEIAdABBAEgAQQBBAEwAZwBCAEcAQQBIAFUAQQBiAEEAQgBzAEEARQA0AEEAWQBRAEIAdABBAEcAVQBBAEMAZwBCAEoAQQBHAFkAQQBJAEEAQQBvAEEAQwAwAEEAYgBnAEIAdgBBAEgAUQBBAEkAQQBBAGsAQQBEADgAQQBLAFEAQQBnAEEASABzAEEASQBBAEIASgBBAEcAWQBBAEkAQQBBAG8AQQBFAGMAQQBaAFEAQgAwAEEAQwAwAEEAVgBnAEIAaABBAEgASQBBAGEAUQBCAGgAQQBHAEkAQQBiAEEAQgBsAEEAQwBBAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBBAHQAQQBFAFUAQQBjAGcAQgB5AEEARwA4AEEAYwBnAEIAQgBBAEcATQBBAGQAQQBCAHAAQQBHADgAQQBiAGcAQQBnAEEARgBNAEEAYQBRAEIAcwBBAEcAVQBBAGIAZwBCADAAQQBHAHcAQQBlAFEAQgBEAEEARwA4AEEAYgBnAEIAMABBAEcAawBBAGIAZwBCADEAQQBHAFUAQQBLAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBKAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEgAMABBAEkAQQBCAEYAQQBHAHcAQQBjAHcAQgBsAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQB4AEEAQwBBAEEAZgBRAEEAZwBBAEgAMABBAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 699 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:03 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b369eaa8-7e64-4bbe-b38b-bced71c647b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 698 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=16edb59d-b13e-48a5-8423-e28c582b805a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 697 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=16edb59d-b13e-48a5-8423-e28c582b805a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 696 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 695 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 694 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 693 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 692 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 691 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7cf97299-152f-42ae-bcae-88618e6d02a5
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANAAiACAALQBGAG8AcgBjAGUAIAAtAFIAZQBjAHUAcgBzAGUAOwAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 690 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=5.1.14393.1944
RunspaceId=b369eaa8-7e64-4bbe-b38b-bced71c647b5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 689 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 688 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 687 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 686 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 685 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 684 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=9be59a52-3c55-4382-aaf6-ea9672f24220
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATwBBAEEAdQBBAEQAQQBBAEwAUQBBAHgAQQBEAFUAQQBPAEEAQQAyAEEARABrAEEATQB3AEEAdwBBAEQAUQBBAE4AQQBBADAAQQBEAGMAQQBNAHcAQQA1AEEARABVAEEATgBBAEEAaQBBAEMAQQBBAEwAUQBCAEcAQQBHADgAQQBjAGcAQgBqAEEARwBVAEEASQBBAEEAdABBAEYASQBBAFoAUQBCAGoAQQBIAFUAQQBjAGcAQgB6AEEARwBVAEEATwB3AEEASwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBMAFEAQgB1AEEARwA4AEEAZABBAEEAZwBBAEMAUQBBAFAAdwBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARQBrAEEAWgBnAEEAZwBBAEMAZwBBAFIAdwBCAGwAQQBIAFEAQQBMAFEAQgBXAEEARwBFAEEAYwBnAEIAcABBAEcARQBBAFkAZwBCAHMAQQBHAFUAQQBJAEEAQgBNAEEARQBFAEEAVQB3AEIAVQBBAEUAVQBBAFcAQQBCAEoAQQBGAFEAQQBRAHcAQgBQAEEARQBRAEEAUgBRAEEAZwBBAEMAMABBAFIAUQBCAHkAQQBIAEkAQQBiAHcAQgB5AEEARQBFAEEAWQB3AEIAMABBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBVAHcAQgBwAEEARwB3AEEAWgBRAEIAdQBBAEgAUQBBAGIAQQBCADUAQQBFAE0AQQBiAHcAQgB1AEEASABRAEEAYQBRAEIAdQBBAEgAVQBBAFoAUQBBAHAAQQBDAEEAQQBlAHcAQQBnAEEARwBVAEEAZQBBAEIAcABBAEgAUQBBAEkAQQBBAGsAQQBFAHcAQQBRAFEAQgBUAEEARgBRAEEAUgBRAEIAWQBBAEUAawBBAFYAQQBCAEQAQQBFADgAQQBSAEEAQgBGAEEAQwBBAEEAZgBRAEEAZwBBAEUAVQBBAGIAQQBCAHoAQQBHAFUAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBEAEUAQQBJAEEAQgA5AEEAQwBBAEEAZgBRAEEAPQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 683 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=406292aa-72a8-4477-849e-71e8beccf8f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 682 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3025fe35-6737-475f-b666-0a44a92f883a
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 681 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 680 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 679 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 678 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 677 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 676 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 675 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 674 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=151a0390-8b4d-4bc0-a3dc-087e6121a5b8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 673 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:01 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=406292aa-72a8-4477-849e-71e8beccf8f6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 672 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 671 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 670 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 669 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 668 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 667 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f667aed5-1903-41e2-8202-0e85e00ea8fc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 666 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=b573dc36-7778-4abe-8608-449aa2a70cbb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 665 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=5.1.14393.1944
RunspaceId=b573dc36-7778-4abe-8608-449aa2a70cbb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 664 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 663 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 662 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 661 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 660 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 659 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ba289c75-5699-40d7-9f62-c1287276bb85
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAOAAuADAALQAxADUAOAA2ADkAMwAwADQANAA0ADcAMwA5ADUANABcAHMAbwB1AHIAYwBlACcACgAkAEQAZQBiAHUAZwBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAQwBvAG4AdABpAG4AdQBlACIACgAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlACAAPQAgACIAUwB0AG8AcAAiAAoAUwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAAMgAKACQAZgBkACAAPQAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AEMAcgBlAGEAdABlACgAJABwAGEAdABoACkACgAkAHMAaABhADEAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFMAZQBjAHUAcgBpAHQAeQAuAEMAcgB5AHAAdABvAGcAcgBhAHAAaAB5AC4AUwBIAEEAMQBDAHIAeQBwAHQAbwBTAGUAcgB2AGkAYwBlAFAAcgBvAHYAaQBkAGUAcgBdADoAOgBDAHIAZQBhAHQAZQAoACkACgAkAGIAeQB0AGUAcwAgAD0AIABAACgAKQAgACMAaQBuAGkAdABpAGEAbABpAHoAZQAgAGYAbwByACAAZQBtAHAAdAB5ACAAZgBpAGwAZQAgAGMAYQBzAGUACgB9AAoAcAByAG8AYwBlAHMAcwAgAHsACgAkAGIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABpAG4AcAB1AHQAKQAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEIAbABvAGMAawAoACQAYgB5AHQAZQBzACwAIAAwACwAIAAkAGIAeQB0AGUAcwAuAEwAZQBuAGcAdABoACwAIAAkAGIAeQB0AGUAcwAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAZgBkAC4AVwByAGkAdABlACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgAKQAKAH0ACgBlAG4AZAAgAHsACgAkAHMAaABhADEALgBUAHIAYQBuAHMAZgBvAHIAbQBGAGkAbgBhAGwAQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgADAAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwACgAkAGgAYQBzAGgAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEIAaQB0AEMAbwBuAHYAZQByAHQAZQByAF0AOgA6AFQAbwBTAHQAcgBpAG4AZwAoACQAcwBoAGEAMQAuAEgAYQBzAGgAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAC0AIgAsACAAIgAiACkALgBUAG8ATABvAHcAZQByAEkAbgB2AGEAcgBpAGEAbgB0ACgAKQAKACQAZgBkAC4AQwBsAG8AcwBlACgAKQAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAIgB7ACIAIgBzAGgAYQAxACIAIgA6ACIAIgAkAGgAYQBzAGgAIgAiAH0AIgAKAH0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 658 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:40:00 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=079fe388-be3a-483d-aaa7-a8f042fe1700
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 657 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=becd7085-e023-4100-8816-fa38c6ac29e5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 656 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 655 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 654 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 653 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 652 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 651 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 650 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 649 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=a2af8987-9426-4b81-af37-0d739a4df505
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 648 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:59 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=079fe388-be3a-483d-aaa7-a8f042fe1700
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 647 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 646 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 645 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 644 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 643 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 642 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=718eeaee-e48a-45b7-ad84-057865237719
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 641 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=0c7e428e-9e96-4841-8e84-04f235e957ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 640 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e92e7b7e-884d-4b2c-bc0c-dd4804fc5044
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 639 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=e92e7b7e-884d-4b2c-bc0c-dd4804fc5044
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 638 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 637 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 636 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 635 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 634 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 633 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1f3aebc4-a307-4ca5-8ebb-52d45b7f5e3d
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQA4AC4AMAAtADEANQA4ADYAOQAzADAANAA0ADQANwAzADkANQA0ACcACgBXAHIAaQB0AGUALQBPAHUAdABwAHUAdAAgAC0ASQBuAHAAdQB0AE8AYgBqAGUAYwB0ACAAJAB0AG0AcAAuAEYAdQBsAGwATgBhAG0AZQAKAEkAZgAgACgALQBuAG8AdAAgACQAPwApACAAewAgAEkAZgAgACgARwBlAHQALQBWAGEAcgBpAGEAYgBsAGUAIABMAEEAUwBUAEUAWABJAFQAQwBPAEQARQAgAC0ARQByAHIAbwByAEEAYwB0AGkAbwBuACAAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQApACAAewAgAGUAeABpAHQAIAAkAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAAfQAgAEUAbABzAGUAIAB7ACAAZQB4AGkAdAAgADEAIAB9ACAAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 632 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=5.1.14393.1944
RunspaceId=0c7e428e-9e96-4841-8e84-04f235e957ad
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 631 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 630 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 629 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 628 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 627 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 626 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=79b95c62-c374-4f1e-9089-cd0d646d2e1a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQA0AEEAQwA0AEEATQBBAEEAdABBAEQARQBBAE4AUQBBADQAQQBEAFkAQQBPAFEAQQB6AEEARABBAEEATgBBAEEAMABBAEQAUQBBAE4AdwBBAHoAQQBEAGsAQQBOAFEAQQAwAEEAQwBjAEEAQwBnAEIAWABBAEgASQBBAGEAUQBCADAAQQBHAFUAQQBMAFEAQgBQAEEASABVAEEAZABBAEIAdwBBAEgAVQBBAGQAQQBBAGcAQQBDADAAQQBTAFEAQgB1AEEASABBAEEAZABRAEIAMABBAEUAOABBAFkAZwBCAHEAQQBHAFUAQQBZAHcAQgAwAEEAQwBBAEEASgBBAEIAMABBAEcAMABBAGMAQQBBAHUAQQBFAFkAQQBkAFEAQgBzAEEARwB3AEEAVABnAEIAaABBAEcAMABBAFoAUQBBAEsAQQBFAGsAQQBaAGcAQQBnAEEAQwBnAEEATABRAEIAdQBBAEcAOABBAGQAQQBBAGcAQQBDAFEAQQBQAHcAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEUAawBBAFoAZwBBAGcAQQBDAGcAQQBSAHcAQgBsAEEASABRAEEATABRAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEASQBBAEIATQBBAEUARQBBAFUAdwBCAFUAQQBFAFUAQQBXAEEAQgBKAEEARgBRAEEAUQB3AEIAUABBAEUAUQBBAFIAUQBBAGcAQQBDADAAQQBSAFEAQgB5AEEASABJAEEAYgB3AEIAeQBBAEUARQBBAFkAdwBCADAAQQBHAGsAQQBiAHcAQgB1AEEAQwBBAEEAVQB3AEIAcABBAEcAdwBBAFoAUQBCAHUAQQBIAFEAQQBiAEEAQgA1AEEARQBNAEEAYgB3AEIAdQBBAEgAUQBBAGEAUQBCAHUAQQBIAFUAQQBaAFEAQQBwAEEAQwBBAEEAZQB3AEEAZwBBAEcAVQBBAGUAQQBCAHAAQQBIAFEAQQBJAEEAQQBrAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAGYAUQBBAGcAQQBFAFUAQQBiAEEAQgB6AEEARwBVAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEARABFAEEASQBBAEIAOQBBAEMAQQBBAGYAUQBBAD0A
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 625 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:58 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fc8202d7-6efb-4a72-ac6f-b4c2e475578d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 624 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=10216ce6-a034-409a-a78a-9e5556a7ffce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 623 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=10216ce6-a034-409a-a78a-9e5556a7ffce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 622 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 621 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 620 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 619 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 618 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 617 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8e87ae29-4b34-432a-a302-a1799108dcf0
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgBSAGUAbQBvAHYAZQAtAEkAdABlAG0AIAAiAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyACIAIAAtAEYAbwByAGMAZQAgAC0AUgBlAGMAdQByAHMAZQA7AAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 616 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=5.1.14393.1944
RunspaceId=fc8202d7-6efb-4a72-ac6f-b4c2e475578d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 615 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 614 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 613 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 612 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 611 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 610 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=65850717-43a5-48ca-b217-7c4c4c0be0b4
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBCAFMAQQBHAFUAQQBiAFEAQgB2AEEASABZAEEAWgBRAEEAdABBAEUAawBBAGQAQQBCAGwAQQBHADAAQQBJAEEAQQBpAEEARQBNAEEATwBnAEIAYwBBAEYAVQBBAGMAdwBCAGwAQQBIAEkAQQBjAHcAQgBjAEEARQBFAEEAWgBBAEIAdABBAEcAawBBAGIAZwBCAGMAQQBFAEUAQQBjAEEAQgB3AEEARQBRAEEAWQBRAEIAMABBAEcARQBBAFgAQQBCAE0AQQBHADgAQQBZAHcAQgBoAEEARwB3AEEAWABBAEIAVQBBAEcAVQBBAGIAUQBCAHcAQQBGAHcAQQBZAFEAQgB1AEEASABNAEEAYQBRAEIAaQBBAEcAdwBBAFoAUQBBAHQAQQBIAFEAQQBiAFEAQgB3AEEAQwAwAEEATQBRAEEAMgBBAEQARQBBAE0AUQBBADQAQQBEAFUAQQBOAFEAQQAxAEEARABrAEEATQB3AEEAdQBBAEQASQBBAE0AUQBBAHQAQQBEAEkAQQBOAGcAQQA1AEEARABrAEEATgBRAEEANABBAEQAQQBBAE0AdwBBAHoAQQBEAGMAQQBNAGcAQQB6AEEARABrAEEATwBRAEEAeQBBAEMASQBBAEkAQQBBAHQAQQBFAFkAQQBiAHcAQgB5AEEARwBNAEEAWgBRAEEAZwBBAEMAMABBAFUAZwBCAGwAQQBHAE0AQQBkAFEAQgB5AEEASABNAEEAWgBRAEEANwBBAEEAbwBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQQB0AEEARwA0AEEAYgB3AEIAMABBAEMAQQBBAEoAQQBBAC8AQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAUwBRAEIAbQBBAEMAQQBBAEsAQQBCAEgAQQBHAFUAQQBkAEEAQQB0AEEARgBZAEEAWQBRAEIAeQBBAEcAawBBAFkAUQBCAGkAQQBHAHcAQQBaAFEAQQBnAEEARQB3AEEAUQBRAEIAVABBAEYAUQBBAFIAUQBCAFkAQQBFAGsAQQBWAEEAQgBEAEEARQA4AEEAUgBBAEIARgBBAEMAQQBBAEwAUQBCAEYAQQBIAEkAQQBjAGcAQgB2AEEASABJAEEAUQBRAEIAagBBAEgAUQBBAGEAUQBCAHYAQQBHADQAQQBJAEEAQgBUAEEARwBrAEEAYgBBAEIAbABBAEcANABBAGQAQQBCAHMAQQBIAGsAQQBRAHcAQgB2AEEARwA0AEEAZABBAEIAcABBAEcANABBAGQAUQBCAGwAQQBDAGsAQQBJAEEAQgA3AEEAQwBBAEEAWgBRAEIANABBAEcAawBBAGQAQQBBAGcAQQBDAFEAQQBUAEEAQgBCAEEARgBNAEEAVgBBAEIARgBBAEYAZwBBAFMAUQBCAFUAQQBFAE0AQQBUAHcAQgBFAEEARQBVAEEASQBBAEIAOQBBAEMAQQBBAFIAUQBCAHMAQQBIAE0AQQBaAFEAQQBnAEEASABzAEEASQBBAEIAbABBAEgAZwBBAGEAUQBCADAAQQBDAEEAQQBNAFEAQQBnAEEASAAwAEEASQBBAEIAOQBBAEEAPQA9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 609 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a183f85d-bb5e-4355-bbaf-1331dda51fdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 608 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:57 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3d5fe0b0-64c1-4391-9769-dfae83faec62
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 607 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 606 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 605 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 604 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 603 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 602 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 601 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 600 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2c795435-dc97-4d47-9d89-e4d69363ae65
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 599 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a183f85d-bb5e-4355-bbaf-1331dda51fdc
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 598 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 597 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 596 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 595 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 594 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 593 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd998734-77ff-4d20-9827-0a7bed0a78ec
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 592 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:56 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=5c6f5e3c-c808-433d-ae08-d390d1cfc3d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 591 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=5.1.14393.1944
RunspaceId=5c6f5e3c-c808-433d-ae08-d390d1cfc3d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 590 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 589 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 588 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 587 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 586 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 585 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=133c3b82-6201-4e13-84fd-a08f3054038c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand YgBlAGcAaQBuACAAewAKACQAcABhAHQAaAAgAD0AIAAnAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAYQBuAHMAaQBiAGwAZQAtAHQAbQBwAC0AMQA2ADEAMQA4ADUANQA1ADkAMwAuADIAMQAtADIANgA5ADkANQA4ADAAMwAzADcAMgAzADkAOQAyAFwAcwBvAHUAcgBjAGUAJwAKACQARABlAGIAdQBnAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBDAG8AbgB0AGkAbgB1AGUAIgAKACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAIgBTAHQAbwBwACIACgBTAGUAdAAtAFMAdAByAGkAYwB0AE0AbwBkAGUAIAAtAFYAZQByAHMAaQBvAG4AIAAyAAoAJABmAGQAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAQwByAGUAYQB0AGUAKAAkAHAAYQB0AGgAKQAKACQAcwBoAGEAMQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBTAEgAQQAxAEMAcgB5AHAAdABvAFMAZQByAHYAaQBjAGUAUAByAG8AdgBpAGQAZQByAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACQAYgB5AHQAZQBzACAAPQAgAEAAKAApACAAIwBpAG4AaQB0AGkAYQBsAGkAegBlACAAZgBvAHIAIABlAG0AcAB0AHkAIABmAGkAbABlACAAYwBhAHMAZQAKAH0ACgBwAHIAbwBjAGUAcwBzACAAewAKACQAYgB5AHQAZQBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAGkAbgBwAHUAdAApAAoAJABzAGgAYQAxAC4AVAByAGEAbgBzAGYAbwByAG0AQgBsAG8AYwBrACgAJABiAHkAdABlAHMALAAgADAALAAgACQAYgB5AHQAZQBzAC4ATABlAG4AZwB0AGgALAAgACQAYgB5AHQAZQBzACwAIAAwACkAIAB8ACAATwB1AHQALQBOAHUAbABsAAoAJABmAGQALgBXAHIAaQB0AGUAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAJABiAHkAdABlAHMALgBMAGUAbgBnAHQAaAApAAoAfQAKAGUAbgBkACAAewAKACQAcwBoAGEAMQAuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkAGIAeQB0AGUAcwAsACAAMAAsACAAMAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAAKACQAaABhAHMAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQgBpAHQAQwBvAG4AdgBlAHIAdABlAHIAXQA6ADoAVABvAFMAdAByAGkAbgBnACgAJABzAGgAYQAxAC4ASABhAHMAaAApAC4AUgBlAHAAbABhAGMAZQAoACIALQAiACwAIAAiACIAKQAuAFQAbwBMAG8AdwBlAHIASQBuAHYAYQByAGkAYQBuAHQAKAApAAoAJABmAGQALgBDAGwAbwBzAGUAKAApAAoAVwByAGkAdABlAC0ATwB1AHQAcAB1AHQAIAAiAHsAIgAiAHMAaABhADEAIgAiADoAIgAiACQAaABhAHMAaAAiACIAfQAiAAoAfQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 584 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b26fbd70-1cf3-41fe-8a7e-207b06fab9df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 583 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=3f239f52-5105-4ac5-a812-3b2f8c13746b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 582 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 581 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 580 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 579 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 578 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 577 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 576 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 575 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d8804a08-9116-4a2a-8583-d0c2f1593914
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 574 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b26fbd70-1cf3-41fe-8a7e-207b06fab9df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 573 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 572 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 571 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 570 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 569 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 568 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fc0b71b8-f5c3-44e8-a472-8ee7994c8997
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 567 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=010382ee-0ae0-459a-a680-85cc4d247ede
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 566 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=638ca085-0adc-4e99-b44a-5e19850c68fd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 565 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:54 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=5.1.14393.1944
RunspaceId=638ca085-0adc-4e99-b44a-5e19850c68fd
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 564 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 563 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 562 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 561 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 560 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 559 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b79cd158-4e14-43ea-9fe8-01d85b6618c1
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UwBlAHQALQBTAHQAcgBpAGMAdABNAG8AZABlACAALQBWAGUAcgBzAGkAbwBuACAATABhAHQAZQBzAHQACgAkAHQAbQBwAF8AcABhAHQAaAAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARQBuAHYAaQByAG8AbgBtAGUAbgB0AF0AOgA6AEUAeABwAGEAbgBkAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABWAGEAcgBpAGEAYgBsAGUAcwAoACcAJQBUAEUATQBQACUAJwApAAoAJAB0AG0AcAAgAD0AIABOAGUAdwAtAEkAdABlAG0AIAAtAFQAeQBwAGUAIABEAGkAcgBlAGMAdABvAHIAeQAgAC0AUABhAHQAaAAgACQAdABtAHAAXwBwAGEAdABoACAALQBOAGEAbQBlACAAJwBhAG4AcwBpAGIAbABlAC0AdABtAHAALQAxADYAMQAxADgANQA1ADUAOQAzAC4AMgAxAC0AMgA2ADkAOQA1ADgAMAAzADMANwAyADMAOQA5ADIAJwAKAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAALQBJAG4AcAB1AHQATwBiAGoAZQBjAHQAIAAkAHQAbQBwAC4ARgB1AGwAbABOAGEAbQBlAAoASQBmACAAKAAtAG4AbwB0ACAAJAA/ACkAIAB7ACAASQBmACAAKABHAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEwAQQBTAFQARQBYAEkAVABDAE8ARABFACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACkAIAB7ACAAZQB4AGkAdAAgACQATABBAFMAVABFAFgASQBUAEMATwBEAEUAIAB9ACAARQBsAHMAZQAgAHsAIABlAHgAaQB0ACAAMQAgAH0AIAB9AA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 558 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=5.1.14393.1944
RunspaceId=010382ee-0ae0-459a-a680-85cc4d247ede
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 557 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 556 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 555 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 554 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 553 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 552 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ae573d6a-2c94-41fb-8e23-fe1490e3cc66
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand UABvAHcAZQByAFMAaABlAGwAbAAgAC0ATgBvAFAAcgBvAGYAaQBsAGUAIAAtAE4AbwBuAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABVAG4AcgBlAHMAdAByAGkAYwB0AGUAZAAgAC0ARQBuAGMAbwBkAGUAZABDAG8AbQBtAGEAbgBkACAAVQB3AEIAbABBAEgAUQBBAEwAUQBCAFQAQQBIAFEAQQBjAGcAQgBwAEEARwBNAEEAZABBAEIATgBBAEcAOABBAFoAQQBCAGwAQQBDAEEAQQBMAFEAQgBXAEEARwBVAEEAYwBnAEIAegBBAEcAawBBAGIAdwBCAHUAQQBDAEEAQQBUAEEAQgBoAEEASABRAEEAWgBRAEIAegBBAEgAUQBBAEMAZwBBAGsAQQBIAFEAQQBiAFEAQgB3AEEARgA4AEEAYwBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBEADAAQQBJAEEAQgBiAEEARgBNAEEAZQBRAEIAegBBAEgAUQBBAFoAUQBCAHQAQQBDADQAQQBSAFEAQgB1AEEASABZAEEAYQBRAEIAeQBBAEcAOABBAGIAZwBCAHQAQQBHAFUAQQBiAGcAQgAwAEEARgAwAEEATwBnAEEANgBBAEUAVQBBAGUAQQBCAHcAQQBHAEUAQQBiAGcAQgBrAEEARQBVAEEAYgBnAEIAMgBBAEcAawBBAGMAZwBCAHYAQQBHADQAQQBiAFEAQgBsAEEARwA0AEEAZABBAEIAVwBBAEcARQBBAGMAZwBCAHAAQQBHAEUAQQBZAGcAQgBzAEEARwBVAEEAYwB3AEEAbwBBAEMAYwBBAEoAUQBCAFUAQQBFAFUAQQBUAFEAQgBRAEEAQwBVAEEASgB3AEEAcABBAEEAbwBBAEoAQQBCADAAQQBHADAAQQBjAEEAQQBnAEEARAAwAEEASQBBAEIATwBBAEcAVQBBAGQAdwBBAHQAQQBFAGsAQQBkAEEAQgBsAEEARwAwAEEASQBBAEEAdABBAEYAUQBBAGUAUQBCAHcAQQBHAFUAQQBJAEEAQgBFAEEARwBrAEEAYwBnAEIAbABBAEcATQBBAGQAQQBCAHYAQQBIAEkAQQBlAFEAQQBnAEEAQwAwAEEAVQBBAEIAaABBAEgAUQBBAGEAQQBBAGcAQQBDAFEAQQBkAEEAQgB0AEEASABBAEEAWAB3AEIAdwBBAEcARQBBAGQAQQBCAG8AQQBDAEEAQQBMAFEAQgBPAEEARwBFAEEAYgBRAEIAbABBAEMAQQBBAEoAdwBCAGgAQQBHADQAQQBjAHcAQgBwAEEARwBJAEEAYgBBAEIAbABBAEMAMABBAGQAQQBCAHQAQQBIAEEAQQBMAFEAQQB4AEEARABZAEEATQBRAEEAeABBAEQAZwBBAE4AUQBBADEAQQBEAFUAQQBPAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEMAMABBAE0AZwBBADIAQQBEAGsAQQBPAFEAQQAxAEEARABnAEEATQBBAEEAegBBAEQATQBBAE4AdwBBAHkAQQBEAE0AQQBPAFEAQQA1AEEARABJAEEASgB3AEEASwBBAEYAYwBBAGMAZwBCAHAAQQBIAFEAQQBaAFEAQQB0AEEARQA4AEEAZABRAEIAMABBAEgAQQBBAGQAUQBCADAAQQBDAEEAQQBMAFEAQgBKAEEARwA0AEEAYwBBAEIAMQBBAEgAUQBBAFQAdwBCAGkAQQBHAG8AQQBaAFEAQgBqAEEASABRAEEASQBBAEEAawBBAEgAUQBBAGIAUQBCAHcAQQBDADQAQQBSAGcAQgAxAEEARwB3AEEAYgBBAEIATwBBAEcARQBBAGIAUQBCAGwAQQBBAG8AQQBTAFEAQgBtAEEAQwBBAEEASwBBAEEAdABBAEcANABBAGIAdwBCADAAQQBDAEEAQQBKAEEAQQAvAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFMAUQBCAG0AQQBDAEEAQQBLAEEAQgBIAEEARwBVAEEAZABBAEEAdABBAEYAWQBBAFkAUQBCAHkAQQBHAGsAQQBZAFEAQgBpAEEARwB3AEEAWgBRAEEAZwBBAEUAdwBBAFEAUQBCAFQAQQBGAFEAQQBSAFEAQgBZAEEARQBrAEEAVgBBAEIARABBAEUAOABBAFIAQQBCAEYAQQBDAEEAQQBMAFEAQgBGAEEASABJAEEAYwBnAEIAdgBBAEgASQBBAFEAUQBCAGoAQQBIAFEAQQBhAFEAQgB2AEEARwA0AEEASQBBAEIAVABBAEcAawBBAGIAQQBCAGwAQQBHADQAQQBkAEEAQgBzAEEASABrAEEAUQB3AEIAdgBBAEcANABBAGQAQQBCAHAAQQBHADQAQQBkAFEAQgBsAEEAQwBrAEEASQBBAEIANwBBAEMAQQBBAFoAUQBCADQAQQBHAGsAQQBkAEEAQQBnAEEAQwBRAEEAVABBAEIAQgBBAEYATQBBAFYAQQBCAEYAQQBGAGcAQQBTAFEAQgBVAEEARQBNAEEAVAB3AEIARQBBAEUAVQBBAEkAQQBCADkAQQBDAEEAQQBSAFEAQgBzAEEASABNAEEAWgBRAEEAZwBBAEgAcwBBAEkAQQBCAGwAQQBIAGcAQQBhAFEAQgAwAEEAQwBBAEEATQBRAEEAZwBBAEgAMABBAEkAQQBCADkAQQBBAD0APQA=
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 551 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:53 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7cf985b1-09d3-4a04-beb5-fefc5c0295c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 550 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9eeb0f7a-0140-4ae5-adec-3180a84ec681
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 549 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 548 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 547 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 546 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 545 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 544 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 543 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 542 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2ab18753-daca-4835-b9d6-7b4ed624dca3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 541 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:52 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=7cf985b1-09d3-4a04-beb5-fefc5c0295c5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 540 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 539 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 538 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 537 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 536 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 535 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=d4413467-544c-41f9-b649-6fa7e5e4c9f5
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 534 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c31e5369-a673-42f4-8ef3-239a27314b70
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 533 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:51 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6a8bae76-55e2-45f6-a502-602133073e00
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 532 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 531 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 530 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 529 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 528 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 527 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 526 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 525 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=793539f2-d787-4c69-8a07-0dbf4208dcdc
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 524 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c31e5369-a673-42f4-8ef3-239a27314b70
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 523 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 522 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 521 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 520 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 519 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 518 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=042cbe74-5023-4520-b48e-7b65dbfdef7a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 517 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:50 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77d890f1-7d94-4548-823b-624510c1cb1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 516 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6b2b0e9-1538-448c-8b8e-0daf6cede463
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 515 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d6b2b0e9-1538-448c-8b8e-0daf6cede463
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 514 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 513 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 512 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 511 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 510 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 509 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 508 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 507 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0be5e6c8-599e-45bf-9789-315b7bb42160
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 506 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:49 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=77d890f1-7d94-4548-823b-624510c1cb1e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 505 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 504 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 503 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 502 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 501 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 500 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=1d8292fe-a36a-46f2-86cf-3d20b3edb87c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 499 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=35e902c7-fec4-4bf4-8117-20ddf9e0d875
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 498 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9f8b6400-338f-4ade-8ab9-1e337c2253ff
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 497 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 496 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 495 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 494 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 493 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 492 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 491 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 490 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=00ac1914-6d73-4bfd-80c2-01c9a330750c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 489 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=35e902c7-fec4-4bf4-8117-20ddf9e0d875
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 488 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 487 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 486 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 485 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 484 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 483 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4044894c-d7d5-4770-b104-569e22943db8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 482 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:46 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6d1d2251-79f0-4d20-bc76-1b8a4174c1d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 481 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:45 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=caf2a223-bb6b-42eb-8ade-2fe85c92bc53
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 480 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 479 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 478 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:38 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 477 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 476 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 475 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 474 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 473 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=0c06fcc6-df3a-4dde-8336-ade86e542aa6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 472 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=6d1d2251-79f0-4d20-bc76-1b8a4174c1d5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 471 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 470 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 469 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 468 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 467 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 466 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=80648c6b-8a96-4876-ba5e-d37ff806346c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 465 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=760644f5-8da1-4dc7-a80c-dae193597bc7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 464 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9479f328-b137-4362-b4e0-6e5ec2c451e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 463 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 462 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 461 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 460 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 459 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 458 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 457 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 456 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1374a85a-a07b-498d-9ca7-0a3548a6506c
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 455 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=760644f5-8da1-4dc7-a80c-dae193597bc7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 454 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 453 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 452 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 451 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 450 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 449 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=18cc2031-c9c0-4ec5-a3d5-ffad5f95f298
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 448 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec644531-5a4c-4047-bd6b-66b9faec7de2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 447 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:34 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8d3b9bab-d884-4a8b-81a1-731bfb1915c7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 446 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 445 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 444 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 443 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 442 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 441 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 440 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 439 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=bdae90cb-a67d-438e-972a-1b695741052b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 438 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ec644531-5a4c-4047-bd6b-66b9faec7de2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 437 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 436 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 435 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 434 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 433 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 432 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=37eba62c-71f4-4465-95c8-2090ba3ae578
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 431 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba79abdd-14ce-4adf-8a41-d542f9da0c92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 430 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:29 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=747a2555-873e-43af-9f31-17d8c83436a0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 429 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 428 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 427 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 426 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 425 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 424 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 423 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 422 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=70abe768-af22-4bea-9759-7430ebf2b126
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 421 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ba79abdd-14ce-4adf-8a41-d542f9da0c92
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 420 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 419 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 418 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 417 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 416 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 415 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=47cb9223-b515-410e-9c70-d7166f306f36
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 414 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:25 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f920f52d-744c-4b61-99a5-3f3c39b2d8d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 413 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87073066-7764-4331-9bcb-87244045c234
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 412 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:24 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=87073066-7764-4331-9bcb-87244045c234
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 411 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 410 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 409 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 408 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 407 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 406 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 405 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 404 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=42c9f724-034c-4225-a832-ff2dc41e8ffe
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 403 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f920f52d-744c-4b61-99a5-3f3c39b2d8d4
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 402 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 401 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 400 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 399 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 398 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 397 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6886b198-c634-491c-b90a-39cbbe2135db
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 396 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8c9b7902-89bd-4a68-9efc-2cea1cb23999
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 395 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=686f1602-0bac-45a9-b605-beaefc6b283c
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 394 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=686f1602-0bac-45a9-b605-beaefc6b283c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 393 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 392 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 391 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 390 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 389 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 388 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 387 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 386 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=89187f1a-a527-4b55-bab6-a33800bcfdd2
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 385 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:22 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8c9b7902-89bd-4a68-9efc-2cea1cb23999
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 384 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 383 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 382 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 381 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 380 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 379 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e3c75474-a436-4d45-a624-102876c5cbce
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 378 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e9351b8b-5c6e-4e87-beda-692800866717
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 377 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ccf94ff0-b355-4fec-8097-9bd7a68b2589
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 376 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=ccf94ff0-b355-4fec-8097-9bd7a68b2589
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 375 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 374 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 373 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 372 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 371 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 370 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 369 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 368 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=2075d970-525e-46e5-9b4a-6d1f56d478c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 367 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=e9351b8b-5c6e-4e87-beda-692800866717
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 366 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 365 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 364 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 363 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 362 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 361 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=582fa2c7-f226-4ff8-9060-cd0b5f615d3b
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 360 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a942f56-1d20-4d0c-8b02-d686ea1175bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 359 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96e43dc0-1515-4b14-8b09-3c58098c9615
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 358 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=96e43dc0-1515-4b14-8b09-3c58098c9615
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 357 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 356 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 355 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 354 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 353 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 352 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 351 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 350 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=1187c2c0-8b84-4e25-a643-06eeeb9ba20e
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 349 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:19 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=9a942f56-1d20-4d0c-8b02-d686ea1175bf
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 348 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 347 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 346 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 345 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 344 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 343 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=cd9bce8e-4ab1-416e-bdec-75ef78db5332
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 342 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=23ced923-53de-47f4-a2da-1cc04c142738
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 341 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=afc0880b-fd80-44d5-b232-54c28657a94b
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 340 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:18 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=afc0880b-fd80-44d5-b232-54c28657a94b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 339 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 338 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 337 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 336 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 335 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 334 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 333 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 332 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=94f9878e-b2cc-4188-aa5a-1e9ccfb19960
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 331 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=23ced923-53de-47f4-a2da-1cc04c142738
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 330 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 329 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 328 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 327 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 326 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 325 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=f4bbbbf1-105f-4c0f-8d4b-40e0da59238a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 324 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dbc7051b-6aef-48d1-80a0-120400b2c8e7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 323 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a6730e0-bad7-4d88-88cf-6f8f8b6599e1
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 322 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2a6730e0-bad7-4d88-88cf-6f8f8b6599e1
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 321 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 320 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 319 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 318 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 317 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 316 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 315 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 314 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=e62f7166-b636-4e68-9207-d85d72c0fc57
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 313 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=dbc7051b-6aef-48d1-80a0-120400b2c8e7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 312 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 311 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 310 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 309 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 308 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 307 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ab11b5ba-c543-4181-a40a-b150148975c6
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 306 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0e2dbff-394c-4121-ba3e-1ecdda6bd660
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 305 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4bcdf4e-6f1d-4bae-ad56-25157d40c44e
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 304 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=f4bcdf4e-6f1d-4bae-ad56-25157d40c44e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 303 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 302 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 301 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 300 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 299 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 298 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 297 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 296 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=27dc1651-5559-4116-92c0-7af2ccd4dbd8
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 295 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=d0e2dbff-394c-4121-ba3e-1ecdda6bd660
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 294 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 293 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 292 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 291 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 290 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 289 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=affc59f3-7d9f-4aa1-8a87-31e0107a59c1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 288 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=92750f6c-1bb3-4592-ac9e-9b26b6d28605
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 287 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22256885-8a74-403a-ac3f-d9d297f0702c
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 286 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=22256885-8a74-403a-ac3f-d9d297f0702c
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 285 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 284 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 283 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 282 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 281 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 280 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 279 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 278 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=fe6a2f30-4ccd-433d-bad1-08eadb41698a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 277 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:13 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=92750f6c-1bb3-4592-ac9e-9b26b6d28605
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 276 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 275 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 274 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 273 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 272 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 271 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4176174f-09c3-4efd-8694-f7babda9889d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 270 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68921ac6-98d1-43ba-a3e4-483f98527ec2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 269 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=321ccf8d-a890-437f-bb07-d4f13f08b313
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 268 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=321ccf8d-a890-437f-bb07-d4f13f08b313
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 267 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 266 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 265 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 264 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 263 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 262 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 261 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 260 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=5e59263f-4c09-40f5-b3b6-85728ba0f4ad
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 259 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:12 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=68921ac6-98d1-43ba-a3e4-483f98527ec2
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 258 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 257 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 256 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 255 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 254 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 253 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3924da06-d3fe-453e-b4ff-ec48d7cfe7b1
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 252 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5a8e62c7-6730-429b-a06c-ff373ceedb0d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 251 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a9fc5277-7522-4135-adf4-eb22cb7cd8df
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 250 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:11 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=a9fc5277-7522-4135-adf4-eb22cb7cd8df
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 249 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 248 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 247 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 246 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 245 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 244 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 243 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 242 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=dd8ad6b2-7fbb-40c5-86bd-09860caff4fa
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 241 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=5a8e62c7-6730-429b-a06c-ff373ceedb0d
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 240 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 239 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 238 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 237 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 236 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 235 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e16a4a0f-b9e9-4f11-8bc5-8fec8a0f632d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 234 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:10 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=86b0c8eb-5c07-4c29-bf49-cd18a2a5b109
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 233 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $symlink_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b13698ef-3e1f-4ed8-b496-82818748d269
PipelineId=5
ScriptName=
CommandLine=Add-Type -TypeDefinition $symlink_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
namespace Ansible.Command {
public class SymLinkHelper {
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern bool RemoveDirectoryW(string lpPathName);
public static void DeleteDirectory(string path) {
if (!RemoveDirectoryW(path))
throw new Exception(String.Format("RemoveDirectoryW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
public static void DeleteFile(string path) {
if (!DeleteFileW(path))
throw new Exception(String.Format("DeleteFileW({0}) failed: {1}", path, new Win32Exception(Marshal.GetLastWin32Error()).Message));
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 232 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=b13698ef-3e1f-4ed8-b496-82818748d269
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 231 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 230 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 229 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 228 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 227 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 226 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 225 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 224 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=01328882-775b-441a-b2a4-3d0679853103
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 223 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:09 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=86b0c8eb-5c07-4c29-bf49-cd18a2a5b109
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 222 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 221 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 220 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 219 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 218 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 217 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e2e2cac2-d9c5-4d78-b980-34097672a961
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 216 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:08 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=35
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2f5a089f-8706-421e-8eaf-3363a628d998
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 215 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=6295ff59-7e8e-4917-8654-05758a4ec62f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 214 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=5.1.14393.1944
RunspaceId=6295ff59-7e8e-4917-8654-05758a4ec62f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 213 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 212 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 211 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 210 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 209 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 208 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=6189447a-4672-4a9d-8765-6410b339e22e
HostApplication=powershell.exe -noninteractive -encodedcommand WwBDAG8AbgBzAG8AbABlAF0AOgA6AEkAbgBwAHUAdABFAG4AYwBvAGQAaQBuAGcAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFQAZQB4AHQALgBVAFQARgA4AEUAbgBjAG8AZABpAG4AZwAgACQAZgBhAGwAcwBlADsAIABuAGUAdAAgAHUAcwBlAHIAIABhAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACAAUABhAHMAcwB3ADAAcgBkAA==
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 207 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:07 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $process_util
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=33
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=67cff798-54fd-4667-97e2-de47b94070c7
PipelineId=7
ScriptName=
CommandLine= Add-Type -TypeDefinition $process_util
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles;
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Ansible
{
[StructLayout(LayoutKind.Sequential)]
public class SECURITY_ATTRIBUTES
{
public int nLength;
public IntPtr lpSecurityDescriptor;
public bool bInheritHandle = false;
public SECURITY_ATTRIBUTES()
{
nLength = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFO
{
public Int32 cb;
public IntPtr lpReserved;
public IntPtr lpDesktop;
public IntPtr lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public SafeFileHandle hStdInput;
public SafeFileHandle hStdOutput;
public SafeFileHandle hStdError;
public STARTUPINFO()
{
cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public class STARTUPINFOEX
{
public STARTUPINFO startupInfo;
public IntPtr lpAttributeList;
public STARTUPINFOEX()
{
startupInfo = new STARTUPINFO();
startupInfo.cb = Marshal.SizeOf(this);
}
}
[StructLayout(LayoutKind.Sequential)]
public struct PROCESS_INFORMATION
{
public IntPtr hProcess;
public IntPtr hThread;
public int dwProcessId;
public int dwThreadId;
}
[Flags]
public enum StartupInfoFlags : uint
{
USESTDHANDLES = 0x00000100
}
public enum HandleFlags : uint
{
None = 0,
INHERIT = 1
}
class NativeWaitHandle : WaitHandle
{
public NativeWaitHandle(IntPtr handle)
{
this.SafeWaitHandle = new SafeWaitHandle(handle, false);
}
}
public class Win32Exception : System.ComponentModel.Win32Exception
{
private string _msg;
public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { }
public Win32Exception(int errorCode, string message) : base(errorCode)
{
_msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode);
}
public override string Message { get { return _msg; } }
public static explicit operator Win32Exception(string message) { return new Win32Exception(message); }
}
public class CommandUtil
{
private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400;
private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000;
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)]
public static extern bool CreateProcess(
[MarshalAs(UnmanagedType.LPWStr)]
string lpApplicationName,
StringBuilder lpCommandLine,
IntPtr lpProcessAttributes,
IntPtr lpThreadAttributes,
bool bInheritHandles,
uint dwCreationFlags,
IntPtr lpEnvironment,
[MarshalAs(UnmanagedType.LPWStr)]
string lpCurrentDirectory,
STARTUPINFOEX lpStartupInfo,
out PROCESS_INFORMATION lpProcessInformation);
[DllImport("kernel32.dll")]
public static extern bool CreatePipe(
out SafeFileHandle hReadPipe,
out SafeFileHandle hWritePipe,
SECURITY_ATTRIBUTES lpPipeAttributes,
uint nSize);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetHandleInformation(
SafeFileHandle hObject,
HandleFlags dwMask,
int dwFlags);
[DllImport("kernel32.dll", SetLastError = true)]
private static extern bool GetExitCodeProcess(
IntPtr hProcess,
out uint lpExitCode);
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern uint SearchPath(
string lpPath,
string lpFileName,
string lpExtension,
int nBufferLength,
[MarshalAs (UnmanagedType.LPTStr)]
StringBuilder lpBuffer,
out IntPtr lpFilePart);
[DllImport("shell32.dll", SetLastError = true)]
static extern IntPtr CommandLineToArgvW(
[MarshalAs(UnmanagedType.LPWStr)]
string lpCmdLine,
out int pNumArgs);
public static string[] ParseCommandLine(string lpCommandLine)
{
int numArgs;
IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs);
if (ret == IntPtr.Zero)
throw new Win32Exception("Error parsing command line");
IntPtr[] strptrs = new IntPtr[numArgs];
Marshal.Copy(ret, strptrs, 0, numArgs);
string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray();
Marshal.FreeHGlobal(ret);
return cmdlineParts;
}
public static string SearchPath(string lpFileName)
{
StringBuilder sbOut = new StringBuilder(1024);
IntPtr filePartOut;
if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0)
throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName));
return sbOut.ToString();
}
public class CommandResult
{
public string StandardOut { get; internal set; }
public string StandardError { get; internal set; }
public uint ExitCode { get; internal set; }
}
public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment)
{
UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT;
STARTUPINFOEX si = new STARTUPINFOEX();
si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES;
SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES();
pipesec.bInheritHandle = true;
// Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo
SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write;
if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0))
throw new Win32Exception("STDOUT pipe setup failed");
if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDOUT pipe handle setup failed");
if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0))
throw new Win32Exception("STDERR pipe setup failed");
if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDERR pipe handle setup failed");
if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0))
throw new Win32Exception("STDIN pipe setup failed");
if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0))
throw new Win32Exception("STDIN pipe handle setup failed");
si.startupInfo.hStdOutput = stdout_write;
si.startupInfo.hStdError = stderr_write;
si.startupInfo.hStdInput = stdin_read;
// Setup the stdin buffer
UTF8Encoding utf8_encoding = new UTF8Encoding(false);
FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768);
StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768);
// If lpCurrentDirectory is set to null in PS it will be an empty
// string here, we need to convert it
if (lpCurrentDirectory == "")
lpCurrentDirectory = null;
StringBuilder environmentString = null;
if (environment != null && environment.Count > 0)
{
environmentString = new StringBuilder();
foreach (DictionaryEntry kv in environment)
environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value);
environmentString.Append('\0');
}
// Create the environment block if set
IntPtr lpEnvironment = IntPtr.Zero;
if (environmentString != null)
lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString());
// Create new process and run
StringBuilder argument_string = new StringBuilder(lpCommandLine);
PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
if (!CreateProcess(
lpApplicationName,
argument_string,
IntPtr.Zero,
IntPtr.Zero,
true,
startup_flags,
lpEnvironment,
lpCurrentDirectory,
si,
out pi))
{
throw new Win32Exception("Failed to create new process");
}
// Setup the output buffers and get stdout/stderr
FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096);
StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096);
stdout_write.Close();
FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096);
StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096);
stderr_write.Close();
stdin.WriteLine(stdinInput);
stdin.Close();
string stdout_str, stderr_str = null;
GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str);
uint rc = GetProcessExitCode(pi.hProcess);
return new CommandResult
{
StandardOut = stdout_str,
StandardError = stderr_str,
ExitCode = rc
};
}
private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr)
{
var sowait = new EventWaitHandle(false, EventResetMode.ManualReset);
var sewait = new EventWaitHandle(false, EventResetMode.ManualReset);
string so = null, se = null;
ThreadPool.QueueUserWorkItem((s) =>
{
so = stdoutStream.ReadToEnd();
sowait.Set();
});
ThreadPool.QueueUserWorkItem((s) =>
{
se = stderrStream.ReadToEnd();
sewait.Set();
});
foreach (var wh in new WaitHandle[] { sowait, sewait })
wh.WaitOne();
stdout = so;
stderr = se;
}
private static uint GetProcessExitCode(IntPtr processHandle)
{
new NativeWaitHandle(processHandle).WaitOne();
uint exitCode;
if (!GetExitCodeProcess(processHandle, out exitCode))
throw new Win32Exception("Error getting process exit code");
return exitCode;
}
}
}"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 206 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:06 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=67cff798-54fd-4667-97e2-de47b94070c7
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 205 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 204 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 203 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 202 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 201 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 200 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 199 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 198 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=186fdc59-c76c-48f1-a3cb-cc7bc4d85a0f
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 197 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:05 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=2f5a089f-8706-421e-8eaf-3363a628d998
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 196 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 195 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 194 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 193 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 192 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 191 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=e35359c4-9083-4f08-97df-7a3fbaf1c13a
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 190 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:04 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=36
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb942613-67e2-41f2-97ec-32b8b6382438
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 189 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:39:02 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.DirectoryServices.AccountManagement
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=34
UserId=N-H1-705658-16\Admin
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c04c56ba-2350-4db3-a8d9-5ff312dc9560
PipelineId=5
ScriptName=
CommandLine= Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 188 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:55 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c04c56ba-2350-4db3-a8d9-5ff312dc9560
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 187 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 186 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 185 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 184 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 183 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 182 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 181 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 180 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=d16fdc89-889f-4c5d-b6bd-58a452e0bcc3
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 179 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=bb942613-67e2-41f2-97ec-32b8b6382438
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 178 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 177 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 176 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 175 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 174 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 173 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=08743e58-def7-453b-b784-a40310ea2c3d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 172 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:47 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=33
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e8beee8-0735-49f5-94b9-42223214ed1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 171 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=31
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=c50b42d2-5ef5-4289-b7ae-fbb9808e59c3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 170 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=29
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 169 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=27
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 168 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=25
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 167 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=23
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 166 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=21
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 165 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=19
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 164 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 163 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=93e580cb-6ec6-409b-a49b-9ff1702d1189
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 162 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=5.1.14393.1944
RunspaceId=8e8beee8-0735-49f5-94b9-42223214ed1f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 161 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 160 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 159 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 158 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 157 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 156 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=946d5f73-6ebe-41ed-9843-c75f63834c7d
HostApplication=PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 155 | PowerShell | | Windows PowerShell | | | n-h1-705658-16 | | 1/28/2021 5:38:14 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=17
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=5.1.14393.1944
RunspaceId=7daab07d-0651-4522-8638-68cfa15aacea
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 154 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "WSMan" is Started.
Details:
ProviderName=WSMan
NewProviderState=Started
SequenceNumber=15
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 153 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Certificate" is Started.
Details:
ProviderName=Certificate
NewProviderState=Started
SequenceNumber=13
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 152 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 151 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 150 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 149 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 148 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 147 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=Default Host
HostVersion=5.1.14393.1944
HostId=f12a398c-107d-4e0f-819a-ffc53bc92407
HostApplication=C:\windows\system32\ServerManager.exe -arw
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 146 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:43:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=aec94911-82d5-4605-ada7-e49055ea6007
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 145 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 144 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 143 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 142 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 141 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 140 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c54d91e0-8178-4d66-adf6-1769cb7a50d5
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 139 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:41:47 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=8db922f0-0511-49c4-b38a-fbdb0b2889c8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 138 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 137 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 136 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 135 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 134 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 133 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=7a6064d3-caf8-4b2c-90d6-6614b6bb2722
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 132 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:27:28 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=f313b4cd-0f39-498d-9ea1-7d6a0388a78e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 131 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 130 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 129 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 128 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 127 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 126 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a2011431-ed26-493a-9d87-2110cadf0708
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 125 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:23:42 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=5.1.14393.1944
RunspaceId=36a249c5-de3e-419e-a7df-98ad369b2d9e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 124 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 123 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 122 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 121 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 120 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 119 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=c2f4985e-6412-4fdf-bb96-36c7724b824a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 118 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:19:21 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=19
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 117 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 9:11:43 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 116 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:07 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=98467050-eab8-4e58-97d4-7e9397ff0dd0
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 115 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:06 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 114 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 113 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 112 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 111 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 110 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=472903c4-35b3-4c83-9276-711692bf7dcf
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 109 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 108 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:05 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=52ed0133-95ba-4d7e-a2ba-ec8c934216bb
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 107 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 106 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 105 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 104 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 103 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 102 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=8d90c0c8-a196-44ca-8b2d-eea3c4a4191a
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 101 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:55:03 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 100 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:54:38 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 99 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=a4a0a07f-06ac-4a2d-86a2-f4c056fed0a8
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 98 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 97 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 96 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 95 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 94 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 93 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=995b7f6b-ae81-4871-be65-0f9f65a759a3
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 92 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:14 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 91 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=4d6fad3d-f0b3-4bbe-8ad9-b26d9ec7292f
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 90 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:11 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 89 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 88 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 87 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 86 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 85 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=ea279757-10d2-4b3f-aea3-9bd56d8b557d
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 84 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:51:10 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 83 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:45:55 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 82 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:16 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=27951a80-e512-49a7-b578-8a8c4c59ae5e
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 81 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 80 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 79 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 78 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 77 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 76 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a3c4b136-8b92-4591-8d05-55b9cc36181c
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 75 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 74 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:15 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=c332c739-15b8-4812-b056-a474dd9993ce
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 73 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 72 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 71 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 70 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 69 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 68 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=fb254b8e-13be-4f9e-988c-f1dc5bcf1c3e
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 67 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/19/2018 8:24:13 AM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 66 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=4d7d6ea6-001a-4f6f-8ec6-2fb1c9710a0b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 65 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 64 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 63 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 62 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 61 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 60 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=3b12ced5-170e-4ade-ada5-d47a03367310
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 59 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:21 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 58 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:20 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=0abd4cfa-d693-4f23-b0cc-b5ff1c872ac6
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 57 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 56 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 55 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 54 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 53 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 52 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=a50f47e2-8630-4973-8a45-00e6a9d807c9
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 51 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:07:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 50 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 6:02:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 49 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.1944
RunspaceId=435f43b7-5ec6-41ea-9e53-9b93107b8d41
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 48 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 47 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 46 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 45 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 44 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 43 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=4c0ae675-b105-412a-be64-2005b0dcac13
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 42 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:28 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 41 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:26 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.1944
RunspaceId=21324846-87d1-4add-8e96-8b8ecf3baec5
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 40 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 39 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 38 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 37 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 36 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 35 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.1944
HostId=b2985717-76be-43ef-9b0a-41db65a781f6
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 34 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:43:23 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=17
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 33 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:35:48 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=1
ScriptName=
CommandLine=Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="AssemblyName"; value="System.Windows.Forms"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 32 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=5.1.14393.0
RunspaceId=e01d735e-b2d6-4538-b5bc-96db397d918b
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 31 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 30 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 29 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 28 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 27 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 26 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=db882125-c9ba-4a77-b198-18055547ec63
HostApplication=C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-Type -AssemblyName System.Windows.Forms;while (1) {[System.Windows.Forms.SendKeys]::SendWait('~');start-sleep 50;}
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 25 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Pipeline execution details for command line: Add-Type -TypeDefinition $Source -Language CSharp
.
Context Information:
DetailSequence=1
DetailTotal=1
SequenceNumber=15
UserId=WIN-5T344G8GM1H\Administrator
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=1
ScriptName=C:\UnattendResources\ini.psm1
CommandLine=Add-Type -TypeDefinition $Source -Language CSharp
Details:
CommandInvocation(Add-Type): "Add-Type"
ParameterBinding(Add-Type): name="TypeDefinition"; value="using System;
using System.Text;
using System.Runtime.InteropServices;
namespace PSCloudbase
{
public sealed class Win32IniApi
{
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
public static extern uint GetPrivateProfileString(
string lpAppName,
string lpKeyName,
string lpDefault,
StringBuilder lpReturnedString,
uint nSize,
string lpFileName);
[DllImport("kernel32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool WritePrivateProfileString(
string lpAppName,
string lpKeyName,
StringBuilder lpString, // Don't use string, as Powershell replaces with an empty string
string lpFileName);
[DllImport("Kernel32.dll")]
public static extern uint GetLastError();
}
}"
ParameterBinding(Add-Type): name="Language"; value="CSharp"
| 800 | | 0 | 4 | 8 | | 36028797018963968 | 24 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:31 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Pipeline Execution Details | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=5.1.14393.0
RunspaceId=9f172a18-8cea-4b39-aef6-cb820c01f9d3
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 23 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 22 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 21 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 20 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 19 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 18 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=c8f34489-4e8b-4b9c-84c9-71725a4cc1f0
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Logon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 17 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:30 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 16 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:17 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=5.1.14393.0
RunspaceId=8cefcba8-87f3-4fed-b96a-f2c105b2f3da
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 15 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:16 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 14 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 13 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 12 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 11 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 10 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=f8b52ff0-c0fa-41d2-8730-2edabd513ac2
HostApplication=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\FirstLogon.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 9 | PowerShell | | Windows PowerShell | | | WIN-5T344G8GM1H | | 1/16/2018 5:02:15 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from Available to Stopped.
Details:
NewEngineState=Stopped
PreviousEngineState=Available
SequenceNumber=15
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 403 | | 0 | 4 | 4 | | 36028797018963968 | 8 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:37 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Engine state is changed from None to Available.
Details:
NewEngineState=Available
PreviousEngineState=None
SequenceNumber=13
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=5.1.14393.0
RunspaceId=16e771eb-c367-43f8-b362-2bd303750968
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 400 | | 0 | 4 | 4 | | 36028797018963968 | 7 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:36 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Engine Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Variable" is Started.
Details:
ProviderName=Variable
NewProviderState=Started
SequenceNumber=11
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 6 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Function" is Started.
Details:
ProviderName=Function
NewProviderState=Started
SequenceNumber=9
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 5 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "FileSystem" is Started.
Details:
ProviderName=FileSystem
NewProviderState=Started
SequenceNumber=7
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 4 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Environment" is Started.
Details:
ProviderName=Environment
NewProviderState=Started
SequenceNumber=5
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 3 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Alias" is Started.
Details:
ProviderName=Alias
NewProviderState=Started
SequenceNumber=3
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 2 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |
| Provider "Registry" is Started.
Details:
ProviderName=Registry
NewProviderState=Started
SequenceNumber=1
HostName=ConsoleHost
HostVersion=5.1.14393.0
HostId=2fd1a573-9000-4aa5-8a71-3f725488857f
HostApplication=powershell -NoLogo -NonInteractive -ExecutionPolicy RemoteSigned -File C:\UnattendResources\Specialize.ps1
EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine= | 600 | | 0 | 4 | 6 | | 36028797018963968 | 1 | PowerShell | | Windows PowerShell | | | WIN-PD8DQPRRTAO | | 1/16/2018 5:01:35 PM | | | windows powershell | System.UInt32[] | System.Diagnostics.Eventing.Reader.EventBookmark | Information | Info | Provider Lifecycle | System.Collections.ObjectModel.ReadOnlyCollection`1[System.String] | System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty] |